From 0d44abff8a5254eeaf9c6bd5cd445dc206906382 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 16:42:32 -0700 Subject: [PATCH 01/21] Initial commit --- avm/res/app/managed-environment/README.md | 616 ++++++++++++++++++ avm/res/app/managed-environment/main.bicep | 200 ++++++ avm/res/app/managed-environment/main.json | 395 +++++++++++ .../tests/e2e/defaults/dependencies.bicep | 22 + .../tests/e2e/defaults/main.test.bicep | 57 ++ .../tests/e2e/max/dependencies.bicep | 59 ++ .../tests/e2e/max/main.test.bicep | 87 +++ .../tests/e2e/waf-aligned/dependencies.bicep | 59 ++ .../tests/e2e/waf-aligned/main.test.bicep | 86 +++ avm/res/app/managed-environment/version.json | 7 + 10 files changed, 1588 insertions(+) create mode 100644 avm/res/app/managed-environment/README.md create mode 100644 avm/res/app/managed-environment/main.bicep create mode 100644 avm/res/app/managed-environment/main.json create mode 100644 avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep create mode 100644 avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep create mode 100644 avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep create mode 100644 avm/res/app/managed-environment/tests/e2e/max/main.test.bicep create mode 100644 avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep create mode 100644 avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep create mode 100644 avm/res/app/managed-environment/version.json diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md new file mode 100644 index 0000000000..7bf9b6de60 --- /dev/null +++ b/avm/res/app/managed-environment/README.md 
@@ -0,0 +1,616 @@ +# App ManagedEnvironments `[Microsoft.App/managedEnvironments]` + +This module deploys an App Managed Environment (also known as a Container App Environment). + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.App/managedEnvironments` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/managedEnvironments) | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br/public:avm/res/app/managed-environment:`. + +- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +
+ +via Bicep module + +```bicep +module managedEnvironment 'br/public:avm/res/app/managed-environment:' = { + name: '${uniqueString(deployment().name, location)}-test-amemin' + params: { + // Required parameters + enableDefaultTelemetry: '' + logAnalyticsWorkspaceResourceId: '' + name: 'amemin001' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "" + }, + "name": { + "value": "amemin001" + } + } +} +``` + +
+

+ +### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module managedEnvironment 'br/public:avm/res/app/managed-environment:' = { + name: '${uniqueString(deployment().name, location)}-test-amemax' + params: { + // Required parameters + enableDefaultTelemetry: '' + logAnalyticsWorkspaceResourceId: '' + name: 'amemax001' + // Non-required parameters + dockerBridgeCidr: '172.16.0.1/28' + infrastructureResourceGroupName: '' + infrastructureSubnetId: '' + internal: true + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + platformReservedCidr: '172.17.17.0/24' + platformReservedDnsIP: '172.17.17.17' + tags: { + Env: 'test' + 'hidden-title': 'This is visible in the resource name' + } + workloadProfiles: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "" + }, + "name": { + "value": "amemax001" + }, + // Non-required parameters + "dockerBridgeCidr": { + "value": "172.16.0.1/28" + }, + "infrastructureResourceGroupName": { + "value": "" + }, + "infrastructureSubnetId": { + "value": "" + }, + "internal": { + "value": true + }, + "location": { + "value": "" + }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "platformReservedCidr": { + "value": "172.17.17.0/24" + }, + "platformReservedDnsIP": { + "value": "172.17.17.17" + }, + "tags": { + "value": { + "Env": "test", + "hidden-title": "This is visible in the resource name" + } + }, + "workloadProfiles": { + "value": "" + } + } +} +``` + +
+

+ +### Example 3: _WAF-aligned_ + +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. + + +

+ +via Bicep module + +```bicep +module managedEnvironment 'br/public:avm/res/app/managed-environment:' = { + name: '${uniqueString(deployment().name, location)}-test-amewaf' + params: { + // Required parameters + enableDefaultTelemetry: '' + logAnalyticsWorkspaceResourceId: '' + name: 'amewaf001' + // Non-required parameters + dockerBridgeCidr: '172.16.0.1/28' + infrastructureResourceGroupName: '' + infrastructureSubnetId: '' + internal: true + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + platformReservedCidr: '172.17.17.0/24' + platformReservedDnsIP: '172.17.17.17' + tags: { + Env: 'test' + 'hidden-title': 'This is visible in the resource name' + } + workloadProfiles: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "" + }, + "name": { + "value": "amewaf001" + }, + // Non-required parameters + "dockerBridgeCidr": { + "value": "172.16.0.1/28" + }, + "infrastructureResourceGroupName": { + "value": "" + }, + "infrastructureSubnetId": { + "value": "" + }, + "internal": { + "value": true + }, + "location": { + "value": "" + }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "platformReservedCidr": { + "value": "172.17.17.0/24" + }, + "platformReservedDnsIP": { + "value": "172.17.17.17" + }, + "tags": { + "value": { + "Env": "test", + "hidden-title": "This is visible in the resource name" + } + }, + "workloadProfiles": { + "value": "" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`logAnalyticsWorkspaceResourceId`](#parameter-loganalyticsworkspaceresourceid) | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | +| [`name`](#parameter-name) | string | Name of the Container Apps Managed Environment. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`infrastructureSubnetId`](#parameter-infrastructuresubnetid) | string | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificatePassword`](#parameter-certificatepassword) | securestring | Password of the certificate used by the custom domain. | +| [`certificateValue`](#parameter-certificatevalue) | securestring | Certificate to use for the custom domain. PFX or PEM. | +| [`daprAIConnectionString`](#parameter-dapraiconnectionstring) | securestring | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | +| [`daprAIInstrumentationKey`](#parameter-dapraiinstrumentationkey) | securestring | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | +| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix for the environment domain. | +| [`dockerBridgeCidr`](#parameter-dockerbridgecidr) | string | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. 
If not provided, it will be set with a default value by the platform. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`infrastructureResourceGroupName`](#parameter-infrastructureresourcegroupname) | string | Name of the infrastructure resource group. If not provided, it will be set with a default value. | +| [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`logsDestination`](#parameter-logsdestination) | string | Logs destination. | +| [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. 
| +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. | + +### Parameter: `logAnalyticsWorkspaceResourceId` + +Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Container Apps Managed Environment. + +- Required: Yes +- Type: string + +### Parameter: `infrastructureSubnetId` + +Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `certificatePassword` + +Password of the certificate used by the custom domain. + +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `certificateValue` + +Certificate to use for the custom domain. PFX or PEM. + +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIConnectionString` + +Application Insights connection string used by Dapr to export Service to Service communication telemetry. + +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIInstrumentationKey` + +Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. + +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `dnsSuffix` + +DNS suffix for the environment domain. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dockerBridgeCidr` + +CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. 
+ +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: Yes +- Type: bool + +### Parameter: `infrastructureResourceGroupName` + +Name of the infrastructure resource group. If not provided, it will be set with a default value. + +- Required: No +- Type: string +- Default: `[take(format('ME_{0}', parameters('name')), 63)]` + +### Parameter: `internal` + +Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all Resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +The lock settings of the service. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | + +### Parameter: `lock.kind` + +Specify the type of lock. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` + +### Parameter: `lock.name` + +Specify the name of lock. + +- Required: No +- Type: string + +### Parameter: `logsDestination` + +Logs destination. + +- Required: No +- Type: string +- Default: `'log-analytics'` + +### Parameter: `platformReservedCidr` + +IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. 
+ +- Required: No +- Type: string +- Default: `''` + +### Parameter: `platformReservedDnsIP` + +An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignments to create. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. 
| +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Version of the condition. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalType` + +The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` + +### Parameter: `tags` + +Tags of the resource. + +- Required: No +- Type: object + +### Parameter: `workloadProfiles` + +Workload profiles configured for the Managed Environment. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundant` + +Whether or not this Managed Environment is zone-redundant. 
+ +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `defaultDomain` | string | The Default domain of the Managed Environment. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Managed Environment. | +| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | +| `resourceId` | string | The resource ID of the Managed Environment. | + +## Cross-referenced modules + +_None_ diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep new file mode 100644 index 0000000000..93e9920902 --- /dev/null +++ b/avm/res/app/managed-environment/main.bicep 
@@ -0,0 +1,200 @@
+metadata name = 'App ManagedEnvironments'
+metadata description = 'This module deploys an App Managed Environment (also known as a Container App Environment).'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Required. Name of the Container Apps Managed Environment.')
+param name string
+
+@description('Required. Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990).')
+param logAnalyticsWorkspaceResourceId string
+
+@description('Optional. Location for all Resources.')
+param location string = resourceGroup().location
+
+@description('Optional. Tags of the resource.')
+param tags object?
+
+@description('Optional. Array of role assignments to create.')
+param roleAssignments roleAssignmentType
+
+@description('Optional. Logs destination.')
+param logsDestination string = 'log-analytics'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool
+
+@description('Optional. Application Insights connection string used by Dapr to export Service to Service communication telemetry.')
+@secure()
+param daprAIConnectionString string = ''
+
+@description('Optional. Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry.')
+@secure()
+param daprAIInstrumentationKey string = ''
+
+@description('Optional. CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.')
+param dockerBridgeCidr string = ''
+
+@description('Conditional. Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true.')
+param infrastructureSubnetId string = ''
+
+@description('Optional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided.')
+param internal bool = false
+
+@description('Optional. IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.')
+param platformReservedCidr string = ''
+
+@description('Optional. An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.')
+param platformReservedDnsIP string = ''
+
+@description('Optional. Whether or not this Managed Environment is zone-redundant.')
+param zoneRedundant bool = false
+
+@description('Optional. Password of the certificate used by the custom domain.')
+@secure()
+param certificatePassword string = ''
+
+@description('Optional. Certificate to use for the custom domain. PFX or PEM.')
+@secure()
+param certificateValue string = ''
+
+@description('Optional. DNS suffix for the environment domain.')
+param dnsSuffix string = ''
+
+@description('Optional. The lock settings of the service.')
+param lock lockType
+
+@description('Optional. Workload profiles configured for the Managed Environment.')
+param workloadProfiles array = []
+
+@description('Optional. Name of the infrastructure resource group. If not provided, it will be set with a default value.')
+param infrastructureResourceGroupName string = take('ME_${name}', 63)
+
+var builtInRoleNames = {
+ Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
+ Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
+ Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
+ 'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
+ 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
+}
+
+resource defaultTelemetry 'Microsoft.Resources/deployments@2022-09-01' = if (enableDefaultTelemetry) {
+ name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
+ properties: {
+ mode: 'Incremental'
+ template: {
+ '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
+ contentVersion: '1.0.0.0'
+ resources: []
+ }
+ }
+}
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = if (!empty(logAnalyticsWorkspaceResourceId)) {
+ name: last(split(logAnalyticsWorkspaceResourceId, '/'))!
+ scope: resourceGroup(split(logAnalyticsWorkspaceResourceId, '/')[2], split(logAnalyticsWorkspaceResourceId, '/')[4])
+}
+
+resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-05-01' = {
+ name: name
+ location: location
+ tags: tags
+ properties: {
+ appLogsConfiguration: {
+ destination: logsDestination
+ logAnalyticsConfiguration: {
+ customerId: logAnalyticsWorkspace.properties.customerId
+ sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey
+ }
+ }
+ daprAIConnectionString: daprAIConnectionString
+ daprAIInstrumentationKey: daprAIInstrumentationKey
+ customDomainConfiguration: {
+ certificatePassword: certificatePassword
+ certificateValue: !empty(certificateValue) ? certificateValue : null
+ dnsSuffix: dnsSuffix
+ }
+ vnetConfiguration: {
+ internal: internal
+ infrastructureSubnetId: !empty(infrastructureSubnetId) ? infrastructureSubnetId : null
+ dockerBridgeCidr: !empty(infrastructureSubnetId) ? dockerBridgeCidr : null
+ platformReservedCidr: empty(workloadProfiles) && !empty(infrastructureSubnetId) ? platformReservedCidr : null
+ platformReservedDnsIP: empty(workloadProfiles) && !empty(infrastructureSubnetId) ? platformReservedDnsIP : null
+ }
+ workloadProfiles: !empty(workloadProfiles) ? workloadProfiles : null
+ zoneRedundant: zoneRedundant
+ infrastructureResourceGroup: infrastructureResourceGroupName
+ }
+}
+
+resource managedEnvironment_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
+ name: guid(managedEnvironment.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
+ properties: {
+ roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
+ principalId: roleAssignment.principalId
+ description: roleAssignment.?description
+ principalType: roleAssignment.?principalType
+ condition: roleAssignment.?condition
+ conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
+ delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
+ }
+ scope: managedEnvironment
+}]
+
+resource managedEnvironment_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
+ name: lock.?name ?? 'lock-${name}'
+ properties: {
+ level: lock.?kind ?? ''
+ notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
+ }
+ scope: managedEnvironment
+}
+
+@description('The name of the resource group the Managed Environment was deployed into.')
+output resourceGroupName string = resourceGroup().name
+
+@description('The location the resource was deployed into.')
+output location string = managedEnvironment.location
+
+@description('The name of the Managed Environment.')
+output name string = managedEnvironment.name
+
+@description('The resource ID of the Managed Environment.')
+output resourceId string = managedEnvironment.id
+
+@description('The Default domain of the Managed Environment.')
+output defaultDomain string = managedEnvironment.properties.defaultDomain
+
+// =============== //
+// Definitions //
+// =============== //
+
+type lockType = {
+ @description('Optional. Specify the name of lock.')
+ name: string?
+
+ @description('Optional. Specify the type of lock.')
+ kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
+}?
+
+type roleAssignmentType = {
+ @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
+ roleDefinitionIdOrName: string
+
+ @description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
+ principalId: string
+
+ @description('Optional. The principal type of the assigned principal ID.')
+ principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?
+
+ @description('Optional. The description of the role assignment.')
+ description: string?
+
+ @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"')
+ condition: string?
+
+ @description('Optional. Version of the condition.')
+ conditionVersion: '2.0'?
+
+ @description('Optional. The Resource Id of the delegated managed identity resource.')
+ delegatedManagedIdentityResourceId: string?
+}[]?
diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json
new file mode 100644
index 0000000000..d3860b25fa
--- /dev/null
+++ b/avm/res/app/managed-environment/main.json
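Review bot: In `managedEnvironment` (main.bicep), `logAnalyticsConfiguration` always reads `logAnalyticsWorkspace.properties.customerId` and `logAnalyticsWorkspace.listKeys().primarySharedKey`, even though the `existing` workspace is declared under `if (!empty(logAnalyticsWorkspaceResourceId))` and `logsDestination` is an unconstrained string. With any destination other than `'log-analytics'` the template still pulls the workspace's primary shared key into the deployment, so the deploying identity needs the right to list workspace keys for a value that is presumably not used. I would make the block conditional, e.g. `logAnalyticsConfiguration: logsDestination == 'log-analytics' ? { customerId: logAnalyticsWorkspace.properties.customerId, sharedKey: logAnalyticsWorkspace.listKeys().primarySharedKey } : null`, and state in the `logAnalyticsWorkspaceResourceId` description that the deployer must be able to list the workspace's shared keys. Separately, `internal = true` with an empty `infrastructureSubnetId` is only documented as invalid in the parameter descriptions; nothing in the template rejects it, and `internal` defaults to `false`, i.e. a publicly reachable environment unless the caller opts in.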
@@ -0,0 +1,395 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.23.1.45101", + "templateHash": "6452494198386670014" + }, + "name": "App ManagedEnvironments", + "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." + } + } + }, + "nullable": true + }, + "roleAssignmentType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." 
+ } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." + } + } + } + }, + "nullable": true + } + }, + "parameters": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the Container Apps Managed Environment." + } + }, + "logAnalyticsWorkspaceResourceId": { + "type": "string", + "metadata": { + "description": "Required. Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990)." + } + }, + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. Location for all Resources." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Tags of the resource." + } + }, + "roleAssignments": { + "$ref": "#/definitions/roleAssignmentType", + "metadata": { + "description": "Optional. Array of role assignments to create." + } + }, + "logsDestination": { + "type": "string", + "defaultValue": "log-analytics", + "metadata": { + "description": "Optional. Logs destination." + } + }, + "enableDefaultTelemetry": { + "type": "bool", + "metadata": { + "description": "Optional. 
Enable telemetry via a Globally Unique Identifier (GUID)." + } + }, + "daprAIConnectionString": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Application Insights connection string used by Dapr to export Service to Service communication telemetry." + } + }, + "daprAIInstrumentationKey": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry." + } + }, + "dockerBridgeCidr": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform." + } + }, + "infrastructureSubnetId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Conditional. Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if \"internal\" is set to true." + } + }, + "internal": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetId\" must be provided." + } + }, + "platformReservedCidr": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform." 
+ } + }, + "platformReservedDnsIP": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. An IP address from the IP range defined by \"platformReservedCidr\" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform." + } + }, + "zoneRedundant": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Whether or not this Managed Environment is zone-redundant." + } + }, + "certificatePassword": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Password of the certificate used by the custom domain." + } + }, + "certificateValue": { + "type": "securestring", + "defaultValue": "", + "metadata": { + "description": "Optional. Certificate to use for the custom domain. PFX or PEM." + } + }, + "dnsSuffix": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Optional. DNS suffix for the environment domain." + } + }, + "lock": { + "$ref": "#/definitions/lockType", + "metadata": { + "description": "Optional. The lock settings of the service." + } + }, + "workloadProfiles": { + "type": "array", + "defaultValue": [], + "metadata": { + "description": "Optional. Workload profiles configured for the Managed Environment." + } + }, + "infrastructureResourceGroupName": { + "type": "string", + "defaultValue": "[take(format('ME_{0}', parameters('name')), 63)]", + "metadata": { + "description": "Optional. Name of the infrastructure resource group. If not provided, it will be set with a default value." 
+ } + } + }, + "variables": { + "builtInRoleNames": { + "Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]", + "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", + "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", + "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]", + "User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]" + } + }, + "resources": { + "defaultTelemetry": { + "condition": "[parameters('enableDefaultTelemetry')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "resources": [] + } + } + }, + "logAnalyticsWorkspace": { + "condition": "[not(empty(parameters('logAnalyticsWorkspaceResourceId')))]", + "existing": true, + "type": "Microsoft.OperationalInsights/workspaces", + "apiVersion": "2021-06-01", + "subscriptionId": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2]]", + "resourceGroup": "[split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]]", + "name": "[last(split(parameters('logAnalyticsWorkspaceResourceId'), '/'))]" + }, + "managedEnvironment": { + "type": "Microsoft.App/managedEnvironments", + "apiVersion": "2023-05-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "appLogsConfiguration": { + 
"destination": "[parameters('logsDestination')]", + "logAnalyticsConfiguration": { + "customerId": "[reference('logAnalyticsWorkspace').customerId]", + "sharedKey": "[listKeys(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', split(parameters('logAnalyticsWorkspaceResourceId'), '/')[2], split(parameters('logAnalyticsWorkspaceResourceId'), '/')[4]), 'Microsoft.OperationalInsights/workspaces', last(split(parameters('logAnalyticsWorkspaceResourceId'), '/'))), '2021-06-01').primarySharedKey]" + } + }, + "daprAIConnectionString": "[parameters('daprAIConnectionString')]", + "daprAIInstrumentationKey": "[parameters('daprAIInstrumentationKey')]", + "customDomainConfiguration": { + "certificatePassword": "[parameters('certificatePassword')]", + "certificateValue": "[if(not(empty(parameters('certificateValue'))), parameters('certificateValue'), null())]", + "dnsSuffix": "[parameters('dnsSuffix')]" + }, + "vnetConfiguration": { + "internal": "[parameters('internal')]", + "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('infrastructureSubnetId'), null())]", + "dockerBridgeCidr": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('dockerBridgeCidr'), null())]", + "platformReservedCidr": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetId')))), parameters('platformReservedCidr'), null())]", + "platformReservedDnsIP": "[if(and(empty(parameters('workloadProfiles')), not(empty(parameters('infrastructureSubnetId')))), parameters('platformReservedDnsIP'), null())]" + }, + "workloadProfiles": "[if(not(empty(parameters('workloadProfiles'))), parameters('workloadProfiles'), null())]", + "zoneRedundant": "[parameters('zoneRedundant')]", + "infrastructureResourceGroup": "[parameters('infrastructureResourceGroupName')]" + }, + "dependsOn": [ + "logAnalyticsWorkspace" + ] + }, + "managedEnvironment_roleAssignments": { + "copy": { + "name": 
"managedEnvironment_roleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + }, + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2022-04-01", + "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", + "name": "[guid(resourceId('Microsoft.App/managedEnvironments', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "properties": { + "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", + "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + 
"delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + }, + "dependsOn": [ + "managedEnvironment" + ] + }, + "managedEnvironment_lock": { + "condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]", + "type": "Microsoft.Authorization/locks", + "apiVersion": "2020-05-01", + "scope": "[format('Microsoft.App/managedEnvironments/{0}', parameters('name'))]", + "name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]", + "properties": { + "level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]", + "notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]" + }, + "dependsOn": [ + "managedEnvironment" + ] + } + }, + "outputs": { + "resourceGroupName": { + "type": "string", + "metadata": { + "description": "The name of the resource group the Managed Environment was deployed into." + }, + "value": "[resourceGroup().name]" + }, + "location": { + "type": "string", + "metadata": { + "description": "The location the resource was deployed into." + }, + "value": "[reference('managedEnvironment', '2023-05-01', 'full').location]" + }, + "name": { + "type": "string", + "metadata": { + "description": "The name of the Managed Environment." + }, + "value": "[parameters('name')]" + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the Managed Environment." + }, + "value": "[resourceId('Microsoft.App/managedEnvironments', parameters('name'))]" + }, + "defaultDomain": { + "type": "string", + "metadata": { + "description": "The Default domain of the Managed Environment." + }, + "value": "[reference('managedEnvironment').defaultDomain]" + } + } +} \ No newline at end of file 
diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep
new file mode 100644
index 0000000000..737827c1fd
--- /dev/null
+++ b/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep
@@ -0,0 +1,22 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Log Analytics Workspace to create.')
+param logAnalyticsWorkspaceName string
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+ name: logAnalyticsWorkspaceName
+ location: location
+ properties: any({
+ retentionInDays: 30
+ features: {
+ searchVersion: 1
+ }
+ sku: {
+ name: 'PerGB2018'
+ }
+ })
+}
+
+@description('The resource ID of the created Log Analytics Workspace.')
+output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id
diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep
new file mode 100644
index 0000000000..40a1ae5178
--- /dev/null
+++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep
@@ -0,0 +1,57 @@
+targetScope = 'subscription'
+
+metadata name = 'Using only defaults'
+metadata description = 'This instance deploys the module with the minimum set of required parameters.'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'amemin'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
+ }
+}]
diff --git a/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep
new file mode 100644
index 0000000000..8d908b1603
--- /dev/null
+++ b/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep
@@ -0,0 +1,59 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Log Analytics Workspace to create.')
+param logAnalyticsWorkspaceName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+ name: logAnalyticsWorkspaceName
+ location: location
+ properties: any({
+ retentionInDays: 30
+ features: {
+ searchVersion: 1
+ }
+ sku: {
+ name: 'PerGB2018'
+ }
+ })
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ delegations: [
+ {
+ name: 'Microsoft.App.environments'
+ properties: {
+ serviceName: 'Microsoft.App/environments'
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+
+}
+
+@description('The resource ID of the created Log Analytics Workspace.')
+output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep
new file mode 100644
index 0000000000..1646791a1b
--- /dev/null
+++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep
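Review bot: `addressPrefix: cidrSubnet(addressPrefix, 16, 0)` in tests/e2e/max/dependencies.bicep gives `defaultSubnet` the full `10.0.0.0/16`, because a /16 carved out of a /16 address space is the address space itself, so the virtual network has no room left for another subnet. A narrower prefix such as `addressPrefix: cidrSubnet(addressPrefix, 23, 0)` would keep the delegation to `Microsoft.App/environments` while leaving space free; the minimum size the environment accepts is not shown here and should be checked before picking the number. The subnet is also created without a network security group, which matters more for the copy of this file under tests/e2e/waf-aligned/ (same blob `8d908b1603`), where this note applies unchanged.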
@@ -0,0 +1,87 @@
+targetScope = 'subscription'
+
+metadata name = 'Using large parameter set'
+metadata description = 'This instance deploys the module with most of its features enabled.'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
+@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.')
+param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'amemax'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+@description('Optional. 
WorkloadProfile')
+param workloadProfiles array = [
+ {
+ workloadProfileType: 'D4'
+ name: 'CAW01'
+ minimumCount: 0
+ maximumCount: 3
+ }
+]
+
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
+ location: location
+ workloadProfiles: workloadProfiles
+ internal: true
+ dockerBridgeCidr: '172.16.0.1/28'
+ platformReservedCidr: '172.17.17.0/24'
+ platformReservedDnsIP: '172.17.17.17'
+ infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId
+ infrastructureResourceGroupName: infrastructureResourceGroupName
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Env: 'test'
+ }
+ }
+}]
diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep
new file mode 100644
index 0000000000..8d908b1603
--- /dev/null
+++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep
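Review bot: The `params` block of `testDeployment` in tests/e2e/max/main.test.bicep never passes `roleAssignments`, so the module's `Microsoft.Authorization/roleAssignments` loop, including the lookup that turns a role name into a role definition ID, is not deployed by any of the three e2e tests in this commit. That path grants access on the environment, so it should be exercised here with a test identity; the excerpt below sketches the parameter, and the principal ID would have to come from a managed identity added to dependencies.bicep, which does not exist yet. The description of `infrastructureResourceGroupName` also misspells "infrastructure" as `infrastructre`, and the same typo is repeated in tests/e2e/waf-aligned/main.test.bicep.

```bicep
  params: {
    // … unchanged: enableDefaultTelemetry, name, workspace, network, lock and tags parameters …
    roleAssignments: [
      {
        roleDefinitionIdOrName: 'Reader'
        principalId: nestedDependencies.outputs.managedIdentityPrincipalId // placeholder: output still to be added to dependencies.bicep
        principalType: 'ServicePrincipal'
      }
    ]
```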
@@ -0,0 +1,59 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Log Analytics Workspace to create.')
+param logAnalyticsWorkspaceName string
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
+ name: logAnalyticsWorkspaceName
+ location: location
+ properties: any({
+ retentionInDays: 30
+ features: {
+ searchVersion: 1
+ }
+ sku: {
+ name: 'PerGB2018'
+ }
+ })
+}
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ delegations: [
+ {
+ name: 'Microsoft.App.environments'
+ properties: {
+ serviceName: 'Microsoft.App/environments'
+ }
+ }
+ ]
+ }
+ }
+ ]
+ }
+
+}
+
+@description('The resource ID of the created Log Analytics Workspace.')
+output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep
new file mode 100644
index 0000000000..11807a0ea4
--- /dev/null
+++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep
@@ -0,0 +1,86 @@
+targetScope = 'subscription'
+
+metadata name = 'WAF-aligned'
+metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'
+
+// ========== //
+// Parameters //
+// ========== //
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
+@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.')
+param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'amewaf'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+@description('Optional. 
WorkloadProfile')
+param workloadProfiles array = [
+ {
+ workloadProfileType: 'D4'
+ name: 'CAW01'
+ minimumCount: 0
+ maximumCount: 3
+ }
+]
+// =========== //
+// Deployments //
+// =========== //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-paramNested'
+ params: {
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+@batchSize(1)
+module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}001'
+ logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId
+ location: location
+ workloadProfiles: workloadProfiles
+ internal: true
+ dockerBridgeCidr: '172.16.0.1/28'
+ platformReservedCidr: '172.17.17.0/24'
+ platformReservedDnsIP: '172.17.17.17'
+ infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId
+ infrastructureResourceGroupName: infrastructureResourceGroupName
+ lock: {
+ kind: 'CanNotDelete'
+ name: 'myCustomLockName'
+ }
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Env: 'test'
+ }
+ }
+}]
diff --git a/avm/res/app/managed-environment/version.json b/avm/res/app/managed-environment/version.json
new file mode 100644
index 0000000000..96236a61ba
--- /dev/null
+++ b/avm/res/app/managed-environment/version.json
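Review bot: `params` of `testDeployment` in tests/e2e/waf-aligned/main.test.bicep never sets `zoneRedundant`, so the scenario named after the Well-Architected Framework deploys the environment with the module default `false` declared in main.json. Apart from `serviceShort` the parameter set matches the max test, which means nothing in this test is specific to WAF guidance. Adding `zoneRedundant: true` next to `internal: true` would cover the reliability setting the module exposes; the subnet from dependencies.bicep is already passed in, but whether the test regions offer zone-redundant environments needs confirming.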
@@ -0,0 +1,7 @@ +{ + "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", + "version": "0.4", + "pathFilters": [ + "./main.json" + ] +} From 030ecfeccaf349ac7e907029c2e331a4b4e05e86 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 16:44:55 -0700 Subject: [PATCH 02/21] Added GitHub action --- .../avm.res.app.managed-environment.yml | 83 +++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 .github/workflows/avm.res.app.managed-environment.yml diff --git a/.github/workflows/avm.res.app.managed-environment.yml b/.github/workflows/avm.res.app.managed-environment.yml new file mode 100644 index 0000000000..17da3ae753 --- /dev/null +++ b/.github/workflows/avm.res.app.managed-environment.yml 
@@ -0,0 +1,83 @@
+name: "avm.res.app.managed-environment"
+
+on:
+ schedule:
+ - cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
+ workflow_dispatch:
+ inputs:
+ staticValidation:
+ type: boolean
+ description: "Execute static validation"
+ required: false
+ default: true
+ deploymentValidation:
+ type: boolean
+ description: "Execute deployment validation"
+ required: false
+ default: true
+ removeDeployment:
+ type: boolean
+ description: "Remove deployed module"
+ required: false
+ default: true
+
+ push:
+ branches:
+ - main
+ paths:
+ - ".github/actions/templates/avm-**"
+ - ".github/workflows/avm.template.module.yml"
+ - ".github/workflows/avm.res.app.managed-environment.yml"
+ - "avm/res/key-vault/vault/**"
+ - "avm/utilities/pipelines/**"
+ - "!*/**/README.md"
+
+env:
+ modulePath: "avm/res/key-vault/vault"
+ workflowPath: ".github/workflows/avm.res.app.managed-environment.yml"
+
+concurrency:
+ group: ${{ github.workflow }}
+
+jobs:
+ ###########################
+ # Initialize pipeline #
+ ###########################
+ job_initialize_pipeline:
+ runs-on: ubuntu-20.04
+ name: "Initialize pipeline"
+ steps:
+ - name: "Checkout"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: "Set input parameters to output variables"
+ id: get-workflow-param
+ uses: ./.github/actions/templates/avm-getWorkflowInput
+ with:
+ workflowPath: "${{ env.workflowPath}}"
+ - name: "Get module test file paths"
+ id: get-module-test-file-paths
+ uses: ./.github/actions/templates/avm-getModuleTestFiles
+ with:
+ modulePath: "${{ env.modulePath }}"
+ outputs:
+ workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
+ moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
+ psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
+ modulePath: "${{ env.modulePath }}"
+
+ ##############################
+ # Call reusable workflow #
+ ##############################
+ 
call-workflow-passing-data: + name: "Module" + needs: + - job_initialize_pipeline + uses: ./.github/workflows/avm.template.module.yml + with: + workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}" + moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" + psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" + modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" + secrets: inherit \ No newline at end of file From 88b9e776e8efa9c8e4418f224b5b3c9864b44cc3 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 17:01:14 -0700 Subject: [PATCH 03/21] Updated settings --- .../avm.res.app.managed-environment.yml | 4 +- avm/res/app/managed-environment/README.md | 54 +++++----- avm/res/app/managed-environment/main.bicep | 41 ++++++- avm/res/app/managed-environment/main.json | 101 ++++++++++++++++-- 4 files changed, 158 insertions(+), 42 deletions(-) diff --git a/.github/workflows/avm.res.app.managed-environment.yml b/.github/workflows/avm.res.app.managed-environment.yml index 17da3ae753..4f4fbe6f19 100644 --- a/.github/workflows/avm.res.app.managed-environment.yml +++ b/.github/workflows/avm.res.app.managed-environment.yml @@ -28,12 +28,12 @@ on: - ".github/actions/templates/avm-**" - ".github/workflows/avm.template.module.yml" - ".github/workflows/avm.res.app.managed-environment.yml" - - "avm/res/key-vault/vault/**" + - "avm/res/app/managed-environment/**" - "avm/utilities/pipelines/**" - "!*/**/README.md" env: - modulePath: "avm/res/key-vault/vault" + modulePath: "avm/res/app/managed-environment" workflowPath: ".github/workflows/avm.res.app.managed-environment.yml" concurrency: diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 7bf9b6de60..ad09dcfcad 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md 
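Review bot: The workflow file added in PATCH 02 declares no `permissions:` key, so `GITHUB_TOKEN` runs with the repository default scope in both jobs, and `secrets: inherit` on `call-workflow-passing-data` hands all of the caller's secrets to the reusable workflow. A top-level `permissions:` block that starts from `contents: read` and adds only what `avm.template.module.yml` needs (that file is not visible here), together with passing the required secrets by name instead of `inherit`, would narrow what a compromised step can reach. `uses: actions/checkout@v4` references a mutable tag; pinning it to a full commit SHA is the usual hardening for a job that later deploys with inherited credentials.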
@@ -26,14 +26,11 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/app/managed-environment:`. -- [Using only defaults](#example-1-using-only-defaults) -- [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) - -### Example 1: _Using only defaults_ - -This instance deploys the module with the minimum set of required parameters. +- [Defaults](#example-1-defaults) +- [Max](#example-2-max) +- [Waf-Aligned](#example-3-waf-aligned) +### Example 1: _Defaults_

@@ -44,9 +41,10 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: '${uniqueString(deployment().name, location)}-test-amemin' params: { // Required parameters - enableDefaultTelemetry: '' logAnalyticsWorkspaceResourceId: '' name: 'amemin001' + // Non-required parameters + enableDefaultTelemetry: '' } } ``` @@ -64,14 +62,15 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "enableDefaultTelemetry": { - "value": "" - }, "logAnalyticsWorkspaceResourceId": { "value": "" }, "name": { "value": "amemin001" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" } } } @@ -80,10 +79,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:'

-### Example 2: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. - +### Example 2: _Max_

@@ -94,11 +90,11 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: '${uniqueString(deployment().name, location)}-test-amemax' params: { // Required parameters - enableDefaultTelemetry: '' logAnalyticsWorkspaceResourceId: '' name: 'amemax001' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' + enableDefaultTelemetry: '' infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true @@ -131,9 +127,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "enableDefaultTelemetry": { - "value": "" - }, "logAnalyticsWorkspaceResourceId": { "value": "" }, @@ -144,6 +137,9 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "dockerBridgeCidr": { "value": "172.16.0.1/28" }, + "enableDefaultTelemetry": { + "value": "" + }, "infrastructureResourceGroupName": { "value": "" }, @@ -184,10 +180,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:'

-### Example 3: _WAF-aligned_ - -This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. - +### Example 3: _Waf-Aligned_

@@ -198,11 +191,11 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: '${uniqueString(deployment().name, location)}-test-amewaf' params: { // Required parameters - enableDefaultTelemetry: '' logAnalyticsWorkspaceResourceId: '' name: 'amewaf001' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' + enableDefaultTelemetry: '' infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true @@ -235,9 +228,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "contentVersion": "1.0.0.0", "parameters": { // Required parameters - "enableDefaultTelemetry": { - "value": "" - }, "logAnalyticsWorkspaceResourceId": { "value": "" }, @@ -248,6 +238,9 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "dockerBridgeCidr": { "value": "172.16.0.1/28" }, + "enableDefaultTelemetry": { + "value": "" + }, "infrastructureResourceGroupName": { "value": "" }, 
@@ -314,7 +307,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' | [`daprAIInstrumentationKey`](#parameter-dapraiinstrumentationkey) | securestring | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | | [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix for the environment domain. | | [`dockerBridgeCidr`](#parameter-dockerbridgecidr) | string | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`infrastructureResourceGroupName`](#parameter-infrastructureresourcegroupname) | string | Name of the infrastructure resource group. If not provided, it will be set with a default value. | | [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | | [`location`](#parameter-location) | string | Location for all Resources. | @@ -397,12 +390,13 @@ CIDR notation IP range assigned to the Docker bridge, network. It must not overl - Type: string - Default: `''` -### Parameter: `enableDefaultTelemetry` +### Parameter: `enableTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). -- Required: Yes +- Required: No - Type: bool +- Default: `True` ### Parameter: `infrastructureResourceGroupName` diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep index 93e9920902..644d4976a3 100644 
--- a/avm/res/app/managed-environment/main.bicep +++ b/avm/res/app/managed-environment/main.bicep @@ -21,7 +21,7 @@ param roleAssignments roleAssignmentType param logsDestination string = 'log-analytics' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableDefaultTelemetry bool +param enableTelemetry bool = true @description('Optional. Application Insights connection string used by Dapr to export Service to Service communication telemetry.') @secure() @@ -77,14 +77,20 @@ var builtInRoleNames = { 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9') } -resource defaultTelemetry 'Microsoft.Resources/deployments@2022-09-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}' +resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { + name: '46d3xbcp.res.app-managedenvironment.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' template: { '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' contentVersion: '1.0.0.0' resources: [] + outputs: { + telemetry: { + type: 'String' + value: 'For more information, see https://aka.ms/avm/TelemetryInfo' + } + } } } } 
@@ -168,6 +174,35 @@ output defaultDomain string = managedEnvironment.properties.defaultDomain // Definitions // // =============== // +type diagnosticSettingType = { + @description('Optional. The name of diagnostic setting.') + name: string? + + @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.') + metricCategories: { + @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.') + category: string + }[]? + + @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') + logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')? + + @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + workspaceResourceId: string? + + @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + storageAccountResourceId: string? + + @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') + eventHubAuthorizationRuleResourceId: string? + + @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') + eventHubName: string? + + @description('Optional. 
The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') + marketplacePartnerResourceId: string? +}[]? + type lockType = { @description('Optional. Specify the name of lock.') name: string? diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json index d3860b25fa..4819feb51e 100644 --- a/avm/res/app/managed-environment/main.json +++ b/avm/res/app/managed-environment/main.json 
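Review bot: The `@description` on `metricCategories` in the new `diagnosticSettingType` describes logs ("The name of logs that will be streamed. "allLogs" includes all possible logs…"), but the property holds metric categories. It reads like the text of a log-category property that this type does not have, so I would change it to `@description('Optional. The name of metrics that will be streamed.')`. As written the type has no field for selecting log categories. If it is meant to back a diagnostic-settings parameter (none is visible in this hunk), a caller could route metrics but not resource logs to the workspace, storage account or event hub, which is worth confirming as intended. The same description text is carried into the generated `main.json`.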
@@ -6,13 +6,93 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "6452494198386670014" + "templateHash": "16793506722787498336" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", "owner": "Azure/module-maintainers" }, "definitions": { + "diagnosticSettingType": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of diagnostic setting." + } + }, + "metricCategories": { + "type": "array", + "items": { + "type": "object", + "properties": { + "category": { + "type": "string", + "metadata": { + "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." + } + } + } + }, + "nullable": true, + "metadata": { + "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." + } + }, + "logAnalyticsDestinationType": { + "type": "string", + "allowedValues": [ + "AzureDiagnostics", + "Dedicated" + ], + "nullable": true, + "metadata": { + "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." + } + }, + "workspaceResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "storageAccountResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "eventHubAuthorizationRuleResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." + } + }, + "eventHubName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." + } + }, + "marketplacePartnerResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." + } + } + } + }, + "nullable": true + }, "lockType": { "type": "object", "properties": { @@ -145,8 +225,9 @@ "description": "Optional. Logs destination." } }, - "enableDefaultTelemetry": { + "enableTelemetry": { "type": "bool", + "defaultValue": true, "metadata": { "description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)." } 
@@ -259,17 +340,23 @@ } }, "resources": { - "defaultTelemetry": { - "condition": "[parameters('enableDefaultTelemetry')]", + "avmTelemetry": { + "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2022-09-01", - "name": "[format('pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-{0}', uniqueString(deployment().name, parameters('location')))]", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.res.app-managedenvironment.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", "contentVersion": "1.0.0.0", - "resources": [] + "resources": [], + "outputs": { + "telemetry": { + "type": "String", + "value": "For more information, see https://aka.ms/avm/TelemetryInfo" + } + } } } }, From 2ca4c2ff72356bd550dcf0366ed0926f8c9657dd Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 17:09:54 -0700 Subject: [PATCH 04/21] updated default location and telemetry --- avm/res/app/managed-environment/README.md | 43 ++++++++++++------- .../tests/e2e/defaults/main.test.bicep | 6 ++- .../tests/e2e/max/main.test.bicep | 5 ++- .../tests/e2e/waf-aligned/main.test.bicep | 5 ++- 4 files changed, 38 insertions(+), 21 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index ad09dcfcad..fb31ed54ee 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md 
@@ -26,11 +26,14 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/app/managed-environment:`. -- [Defaults](#example-1-defaults) -- [Max](#example-2-max) -- [Waf-Aligned](#example-3-waf-aligned) +- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. -### Example 1: _Defaults_
@@ -44,7 +47,8 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' logAnalyticsWorkspaceResourceId: '' name: 'amemin001' // Non-required parameters - enableDefaultTelemetry: '' + enableTelemetry: '' + location: '' } } ``` @@ -69,8 +73,11 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "value": "amemin001" }, // Non-required parameters - "enableDefaultTelemetry": { - "value": "" + "enableTelemetry": { + "value": "" + }, + "location": { + "value": "" } } } @@ -79,7 +86,10 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:'

-### Example 2: _Max_ +### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. +

@@ -94,7 +104,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amemax001' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' - enableDefaultTelemetry: '' + enableTelemetry: '' infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true @@ -137,8 +147,8 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "dockerBridgeCidr": { "value": "172.16.0.1/28" }, - "enableDefaultTelemetry": { - "value": "" + "enableTelemetry": { + "value": "" }, "infrastructureResourceGroupName": { "value": "" @@ -180,7 +190,10 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:'

-### Example 3: _Waf-Aligned_ +### Example 3: _WAF-aligned_ + +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. +

@@ -195,7 +208,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amewaf001' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' - enableDefaultTelemetry: '' + enableTelemetry: '' infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true @@ -238,8 +251,8 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "dockerBridgeCidr": { "value": "172.16.0.1/28" }, - "enableDefaultTelemetry": { - "value": "" + "enableTelemetry": { + "value": "" }, "infrastructureResourceGroupName": { "value": "" diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index 40a1ae5178..8252622830 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -17,7 +17,7 @@ param location string = deployment().location param serviceShort string = 'amemin' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableDefaultTelemetry bool = true +param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '[[namePrefix]]' @@ -37,6 +37,7 @@ module nestedDependencies 'dependencies.bicep' = { scope: resourceGroup name: '${uniqueString(deployment().name, location)}-paramNested' params: { + location: location logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' } } 
@@ -50,8 +51,9 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { - enableDefaultTelemetry: enableDefaultTelemetry + enableTelemetry: enableTelemetry name: '${namePrefix}${serviceShort}001' + location: location logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId } }] diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep index 1646791a1b..36f94fdd40 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep @@ -20,7 +20,7 @@ param location string = deployment().location param serviceShort string = 'amemax' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableDefaultTelemetry bool = true +param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '[[namePrefix]]' @@ -52,6 +52,7 @@ module nestedDependencies 'dependencies.bicep' = { params: { logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: location } } @@ -64,7 +65,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { - enableDefaultTelemetry: enableDefaultTelemetry + enableTelemetry: enableTelemetry name: '${namePrefix}${serviceShort}001' logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId location: location 
diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep index 11807a0ea4..72e061d35a 100644 --- a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep @@ -20,7 +20,7 @@ param location string = deployment().location param serviceShort string = 'amewaf' @description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableDefaultTelemetry bool = true +param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '[[namePrefix]]' @@ -51,6 +51,7 @@ module nestedDependencies 'dependencies.bicep' = { params: { logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' + location: location } } @@ -63,7 +64,7 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { - enableDefaultTelemetry: enableDefaultTelemetry + enableTelemetry: enableTelemetry name: '${namePrefix}${serviceShort}001' logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId location: location From 634c9ad74f50a689e2e3fe3f97017c15aa6d4429 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 17:41:36 -0700 Subject: [PATCH 05/21] Updated named prefix --- .../app/managed-environment/tests/e2e/defaults/main.test.bicep | 2 +- avm/res/app/managed-environment/tests/e2e/max/main.test.bicep | 2 +- .../managed-environment/tests/e2e/waf-aligned/main.test.bicep | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) 
diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index 8252622830..adfc51c64b 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -20,7 +20,7 @@ param serviceShort string = 'amemin' param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '[[namePrefix]]' +param namePrefix string = '#_nefix_#' // =========== // // Deployments // diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep index 36f94fdd40..c1e6271424 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep @@ -23,7 +23,7 @@ param serviceShort string = 'amemax' param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '[[namePrefix]]' +param namePrefix string = '#_namePrefix_#' @description('Optional. WorkloadProfile') param workloadProfiles array = [ diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep index 72e061d35a..06305a91d0 100644 --- a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep @@ -23,7 +23,7 @@ param serviceShort string = 'amewaf' param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '[[namePrefix]]' +param namePrefix string = '#_namePrefix_#' @description('Optional. WorkloadProfile') param workloadProfiles array = [ From 6f6d1b89469448707210e8475e8afca3616b5bb3 Mon Sep 17 00:00:00 2001 
From: arnoldna Date: Mon, 18 Dec 2023 17:46:45 -0700 Subject: [PATCH 06/21] Updated missing parameter --- .../app/managed-environment/tests/e2e/defaults/main.test.bicep | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index adfc51c64b..0d71b8d8b1 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -20,7 +20,7 @@ param serviceShort string = 'amemin' param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') -param namePrefix string = '#_nefix_#' +param namePrefix string = '#_namePrefix_#' // =========== // // Deployments // From 9af39021be1a7b6dce5e8364046127aabb45f8d0 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 17:59:48 -0700 Subject: [PATCH 07/21] Updated orphaned --- avm/res/app/managed-environment/ORPHANED.md | 4 ++++ avm/res/app/managed-environment/README.md | 5 +++++ 2 files changed, 9 insertions(+) create mode 100644 avm/res/app/managed-environment/ORPHANED.md diff --git a/avm/res/app/managed-environment/ORPHANED.md b/avm/res/app/managed-environment/ORPHANED.md new file mode 100644 index 0000000000..ef8fa911d2 --- /dev/null +++ b/avm/res/app/managed-environment/ORPHANED.md @@ -0,0 +1,4 @@ +⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️ + +- Only security and bug fixes are being handled by the AVM core team at present. +- If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)! \ No newline at end of file diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index fb31ed54ee..509c2e15fc 100644 --- a/avm/res/app/managed-environment/README.md 
+++ b/avm/res/app/managed-environment/README.md @@ -1,5 +1,10 @@ # App ManagedEnvironments `[Microsoft.App/managedEnvironments]` +> ⚠️THIS MODULE IS CURRENTLY ORPHANED.⚠️ +> +> - Only security and bug fixes are being handled by the AVM core team at present. +> - If interested in becoming the module owner of this orphaned module (must be Microsoft FTE), please look for the related "orphaned module" GitHub issue [here](https://aka.ms/AVM/OrphanedModules)! + This module deploys an App Managed Environment (also known as a Container App Environment). ## Navigation From 3ce95cfd0a41daaa52a0f144bd02a748c682bc80 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 18:09:03 -0700 Subject: [PATCH 08/21] Defaults to internal vnet --- avm/res/app/managed-environment/README.md | 2 +- avm/res/app/managed-environment/main.bicep | 2 +- avm/res/app/managed-environment/main.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 509c2e15fc..fac79833b7 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -430,7 +430,7 @@ Boolean indicating the environment only has an internal load balancer. These env - Required: No - Type: bool -- Default: `False` +- Default: `True` ### Parameter: `location` diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep index 644d4976a3..db51b7a9f9 100644 --- a/avm/res/app/managed-environment/main.bicep +++ b/avm/res/app/managed-environment/main.bicep 
@@ -38,7 +38,7 @@ param dockerBridgeCidr string = '' param infrastructureSubnetId string = '' @description('Optional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided.') -param internal bool = false +param internal bool = true @description('Optional. IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.') param platformReservedCidr string = '' diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json index 4819feb51e..c955d2b79f 100644 --- a/avm/res/app/managed-environment/main.json +++ b/avm/res/app/managed-environment/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "16793506722787498336" + "templateHash": "14100042214280398161" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -262,7 +262,7 @@ }, "internal": { "type": "bool", - "defaultValue": false, + "defaultValue": true, "metadata": { "description": "Optional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetId\" must be provided." } From 412927c13659e63478fc5b14efdff1a61a944268 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 18:15:01 -0700 Subject: [PATCH 09/21] Updated test to set to internal --- avm/res/app/managed-environment/README.md | 4 ++++ .../managed-environment/tests/e2e/defaults/main.test.bicep | 1 + 2 files changed, 5 insertions(+) 
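Review bot: With `param internal bool = true` the module's defaults now contradict each other. The description on this parameter says "infrastructureSubnetId" must be provided when it is true, yet the context line `param infrastructureSubnetId string = ''` still defaults to empty. An internal-only load balancer is a sensible secure default, but a caller who passes only the required parameters now gets exactly the combination the description rules out. I would mark the subnet parameter as conditional in its description, e.g. `@description('Conditional. … Required if "internal" is set to true.')`, or add a guard so the dependency is explicit. The description line for `infrastructureSubnetId` lies outside this hunk, so the wording has to be merged with what is already there.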
diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index fac79833b7..955c2cb12d 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -53,6 +53,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amemin001' // Non-required parameters enableTelemetry: '' + internal: true location: '' } } @@ -81,6 +82,9 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "enableTelemetry": { "value": "" }, + "internal": { + "value": true + }, "location": { "value": "" } diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index 0d71b8d8b1..24262538a1 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -55,5 +55,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: '${namePrefix}${serviceShort}001' location: location logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId + internal: true } }] From 0ec0f4c07ddca5d9df1f2e2e3592da3ddc2e12d9 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Mon, 18 Dec 2023 18:24:09 -0700 Subject: [PATCH 10/21] Added network dependencies --- avm/res/app/managed-environment/README.md | 4 ++ .../tests/e2e/defaults/dependencies.bicep | 37 +++++++++++++++++++ .../tests/e2e/defaults/main.test.bicep | 2 + 3 files changed, 43 insertions(+) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 955c2cb12d..2b042f9a81 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md 
@@ -53,6 +53,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amemin001' // Non-required parameters enableTelemetry: '' + infrastructureSubnetId: '' internal: true location: '' } @@ -82,6 +83,9 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "enableTelemetry": { "value": "" }, + "infrastructureSubnetId": { + "value": "" + }, "internal": { "value": true }, diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep index 737827c1fd..8d908b1603 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep @@ -4,6 +4,11 @@ param location string = resourceGroup().location @description('Required. The name of the Log Analytics Workspace to create.') param logAnalyticsWorkspaceName string +@description('Required. The name of the Virtual Network to create.') +param virtualNetworkName string + +var addressPrefix = '10.0.0.0/16' + resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { name: logAnalyticsWorkspaceName location: location 
@@ -18,5 +23,37 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10 }) } +resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { + name: virtualNetworkName + location: location + properties: { + addressSpace: { + addressPrefixes: [ + addressPrefix + ] + } + subnets: [ + { + name: 'defaultSubnet' + properties: { + addressPrefix: cidrSubnet(addressPrefix, 16, 0) + delegations: [ + { + name: 'Microsoft.App.environments' + properties: { + serviceName: 'Microsoft.App/environments' + } + } + ] + } + } + ] + } + +} + @description('The resource ID of the created Log Analytics Workspace.') output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id + +@description('The resource ID of the created Virtual Network Subnet.') +output subnetResourceId string = virtualNetwork.properties.subnets[0].id diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index 24262538a1..dc552b7eb8 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -39,6 +39,7 @@ module nestedDependencies 'dependencies.bicep' = { params: { location: location logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' + virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' } } @@ -56,5 +57,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' location: location logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId internal: true + infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId } }] From d5cb1a5a3aefa365fe078ce6601e022c43e3e32f Mon Sep 17 00:00:00 2001 
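Review bot: In tests/e2e/defaults/dependencies.bicep, `defaultSubnet` is created with `cidrSubnet(addressPrefix, 16, 0)`, which gives the whole `10.0.0.0/16` address space to the delegated subnet, and the subnet has no network security group attached in this hunk. That leaves no room in the VNet for another subnet and no subnet-level filtering in front of the environment, even though the test sets `internal: true`. A narrower prefix such as `addressPrefix: cidrSubnet(addressPrefix, 23, 0)` plus a `networkSecurityGroup` reference on the subnet would bring the fixture closer to a private deployment. The output `virtualNetwork.properties.subnets[0].id` also depends on subnet order, so I would add a comment like `// index 0 = defaultSubnet; keep it first in the subnets array`.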
From: arnoldna Date: Mon, 18 Dec 2023 18:35:29 -0700 Subject: [PATCH 11/21] Updated parameter desscription --- avm/res/app/managed-environment/README.md | 4 ++-- avm/res/app/managed-environment/main.bicep | 2 +- avm/res/app/managed-environment/main.json | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 2b042f9a81..c95eb7f36f 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -526,7 +526,7 @@ Array of role assignments to create. | Parameter | Type | Description | | :-- | :-- | :-- | -| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". | | [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | | [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | | [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | 
@@ -548,7 +548,7 @@ The role to assign. You can provide either the display name of the role definiti ### Parameter: `roleAssignments.condition` -The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container". - Required: No - Type: string diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep index db51b7a9f9..63e93ba8ae 100644 --- a/avm/res/app/managed-environment/main.bicep +++ b/avm/res/app/managed-environment/main.bicep @@ -224,7 +224,7 @@ type roleAssignmentType = { @description('Optional. The description of the role assignment.') description: string? - @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') + @description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".') condition: string? @description('Optional. Version of the condition.') diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json index c955d2b79f..c767f06d93 100644 --- a/avm/res/app/managed-environment/main.json +++ b/avm/res/app/managed-environment/main.json 
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "14100042214280398161" + "templateHash": "13043079875626136771" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -160,7 +160,7 @@ "type": "string", "nullable": true, "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"" + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." } }, "conditionVersion": { From 14cd95855774b0490087ef77905eeff1717115d4 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Wed, 20 Dec 2023 09:15:41 -0700 Subject: [PATCH 12/21] Updated default test and suppress default PSRule --- avm/res/app/managed-environment/README.md | 8 -------- .../tests/e2e/defaults/main.test.bicep | 2 -- 2 files changed, 10 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index c95eb7f36f..bbed71f3fa 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -53,8 +53,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amemin001' // Non-required parameters enableTelemetry: '' - infrastructureSubnetId: '' - internal: true location: '' } } @@ -83,12 +81,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "enableTelemetry": { "value": "" }, - "infrastructureSubnetId": { - "value": "" - }, - "internal": { - "value": true - }, "location": { "value": "" } 
diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index dc552b7eb8..b3e52a11ae 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -56,7 +56,5 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: '${namePrefix}${serviceShort}001' location: location logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId - internal: true - infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId } }] From 62771dcf5c56579b38939e02f8dc290d5d126700 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Wed, 20 Dec 2023 09:16:15 -0700 Subject: [PATCH 13/21] Added PSRule suppression --- .../staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml index 1e3de7fe85..46178897eb 100644 --- a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml +++ b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml @@ -23,6 +23,8 @@ spec: - Azure.TrafficManager.Protocol # Azure Load Balancer specific - Azure.LB.Probe + # Azure Container App specific + - Azure.ContainerApp.PublicAccess if: name: "." contains: From 2d39f0c0d62d49186063521d98f705213868f4df Mon Sep 17 00:00:00 2001 From: arnoldna Date: Wed, 20 Dec 2023 09:49:24 -0700 Subject: [PATCH 14/21] Removed vnet from min test. --- avm/res/app/managed-environment/README.md | 7 +--- .../tests/e2e/defaults/dependencies.bicep | 37 ------------------- 2 files changed, 2 insertions(+), 42 deletions(-) 
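Review bot: In min-suppress.Rule.yaml (PATCH 13/21), `Azure.ContainerApp.PublicAccess` is added to the shared suppression list with only the comment `# Azure Container App specific`, which does not say why a public-exposure rule is being switched off. The previous commit removes `internal: true` and `infrastructureSubnetId` from the defaults test, so the suppression appears to exist so that a publicly reachable environment passes static validation. The `if:` selector continues outside the hunk, so its scope cannot be confirmed from here; it should match only the defaults test files so that the max and waf-aligned tests are still evaluated against the rule. I would record the reason next to the entry, for example `# Defaults test deploys without a VNet, so internal-only ingress cannot be enabled there`.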
diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index bbed71f3fa..b8bebeeedb 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -31,14 +31,11 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/app/managed-environment:`. -- [Using only defaults](#example-1-using-only-defaults) +- [Defaults](#example-1-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) - [WAF-aligned](#example-3-waf-aligned) -### Example 1: _Using only defaults_ - -This instance deploys the module with the minimum set of required parameters. - +### Example 1: _Defaults_
diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep index 8d908b1603..737827c1fd 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/dependencies.bicep @@ -4,11 +4,6 @@ param location string = resourceGroup().location @description('Required. The name of the Log Analytics Workspace to create.') param logAnalyticsWorkspaceName string -@description('Required. The name of the Virtual Network to create.') -param virtualNetworkName string - -var addressPrefix = '10.0.0.0/16' - resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { name: logAnalyticsWorkspaceName location: location @@ -23,37 +18,5 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10 }) } -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { - name: virtualNetworkName - location: location - properties: { - addressSpace: { - addressPrefixes: [ - addressPrefix - ] - } - subnets: [ - { - name: 'defaultSubnet' - properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) - delegations: [ - { - name: 'Microsoft.App.environments' - properties: { - serviceName: 'Microsoft.App/environments' - } - } - ] - } - } - ] - } - -} - @description('The resource ID of the created Log Analytics Workspace.') output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id - -@description('The resource ID of the created Virtual Network Subnet.') -output subnetResourceId string = virtualNetwork.properties.subnets[0].id From 1aeca72047f1e07560b61e916de80ddaf27c51f8 Mon Sep 17 00:00:00 2001 
From: arnoldna Date: Wed, 20 Dec 2023 09:57:31 -0700 Subject: [PATCH 15/21] Removed networking parameter --- avm/res/app/managed-environment/README.md | 7 +++++-- .../managed-environment/tests/e2e/defaults/main.test.bicep | 1 - 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index b8bebeeedb..bbed71f3fa 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -31,11 +31,14 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/app/managed-environment:`. -- [Defaults](#example-1-defaults) +- [Using only defaults](#example-1-using-only-defaults) - [Using large parameter set](#example-2-using-large-parameter-set) - [WAF-aligned](#example-3-waf-aligned) -### Example 1: _Defaults_ +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index b3e52a11ae..0d71b8d8b1 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep @@ -39,7 +39,6 @@ module nestedDependencies 'dependencies.bicep' = { params: { location: location logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' - virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' } } From d47b7c799cbc5d960f1eb6817d48403fbbdb30d2 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Wed, 20 Dec 2023 11:58:20 -0700 Subject: [PATCH 16/21] Set default internal load balancer parameter --- avm/res/app/managed-environment/README.md | 2 +- avm/res/app/managed-environment/main.bicep | 2 +- avm/res/app/managed-environment/main.json | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index bbed71f3fa..4966bc5343 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -430,7 +430,7 @@ Boolean indicating the environment only has an internal load balancer. These env - Required: No - Type: bool -- Default: `True` +- Default: `False` ### Parameter: `location` diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep index 63e93ba8ae..cfcf3485b9 100644 --- a/avm/res/app/managed-environment/main.bicep +++ b/avm/res/app/managed-environment/main.bicep 
@@ -38,7 +38,7 @@ param dockerBridgeCidr string = '' param infrastructureSubnetId string = '' @description('Optional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided.') -param internal bool = true +param internal bool = false @description('Optional. IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform.') param platformReservedCidr string = '' diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json index c767f06d93..77e4c074a4 100644 --- a/avm/res/app/managed-environment/main.json +++ b/avm/res/app/managed-environment/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "13043079875626136771" + "templateHash": "4087809008619576571" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -262,7 +262,7 @@ }, "internal": { "type": "bool", - "defaultValue": true, + "defaultValue": false, "metadata": { "description": "Optional. Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then \"infrastructureSubnetId\" must be provided." } From c407dcee985e3f8d053e2e934f020e8b866a83ef Mon Sep 17 00:00:00 2001 
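Review bot: In main.bicep, `param internal bool = false` changes the module default away from an internal-only load balancer, while the `@description` still explains only the `true` case. By the description's own wording, internal environments "do not have a public static IP resource", so callers who omit the parameter presumably now get a public endpoint without being told. The description should state what the default exposes, for example by appending `Defaults to false, which deploys the environment with a public endpoint; set to true together with "infrastructureSubnetId" for private-only ingress.`; the README.md and main.json hunks in this commit would pick the sentence up when regenerated. The max and waf-aligned tests keep `internal: true`, which is worth naming in the description as the recommended setting.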
From: arnoldna Date: Thu, 21 Dec 2023 10:24:11 -0700 Subject: [PATCH 17/21] Removed diagnostic settings type definition --- .github/CODEOWNERS | 2 +- avm/res/app/managed-environment/main.bicep | 29 ------- avm/res/app/managed-environment/main.json | 82 +------------------ .../psrule/.ps-rule/min-suppress.Rule.yaml | 2 +- 4 files changed, 3 insertions(+), 112 deletions(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 8b095bf930..dee7256c02 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -7,7 +7,7 @@ #/avm/res/analysis-services/server/ @Azure/avm-res-analysisservices-server-module-owners-bicep @Azure/avm-core-team-technical-bicep /avm/res/api-management/service/ @Azure/avm-res-apimanagement-service-module-owners-bicep @Azure/avm-core-team-technical-bicep #/avm/res/app/container-app/ @Azure/avm-res-app-containerapp-module-owners-bicep @Azure/avm-core-team-technical-bicep -#/avm/res/app/managed-environment/ @Azure/avm-res-app-managedenvironment-module-owners-bicep @Azure/avm-core-team-technical-bicep +/avm/res/app/managed-environment/ @Azure/avm-res-app-managedenvironment-module-owners-bicep @Azure/avm-core-team-technical-bicep #/avm/res/app-configuration/configuration-store/ @Azure/avm-res-appconfiguration-configurationstore-module-owners-bicep @Azure/avm-core-team-technical-bicep #/avm/res/authorization/lock/ @Azure/avm-res-authorization-lock-module-owners-bicep @Azure/avm-core-team-technical-bicep #/avm/res/authorization/policy-assignment/ @Azure/avm-res-authorization-policyassignment-module-owners-bicep @Azure/avm-core-team-technical-bicep diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep index cfcf3485b9..ddfbc7ab75 100644 --- a/avm/res/app/managed-environment/main.bicep +++ b/avm/res/app/managed-environment/main.bicep 
@@ -174,35 +174,6 @@ output defaultDomain string = managedEnvironment.properties.defaultDomain // Definitions // // =============== // -type diagnosticSettingType = { - @description('Optional. The name of diagnostic setting.') - name: string? - - @description('Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to \'\' to disable log collection.') - metricCategories: { - @description('Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to \'AllMetrics\' to collect all metrics.') - category: string - }[]? - - @description('Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type.') - logAnalyticsDestinationType: ('Dedicated' | 'AzureDiagnostics')? - - @description('Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - workspaceResourceId: string? - - @description('Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - storageAccountResourceId: string? - - @description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.') - eventHubAuthorizationRuleResourceId: string? - - @description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub.') - eventHubName: string? - - @description('Optional. 
The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.') - marketplacePartnerResourceId: string? -}[]? - type lockType = { @description('Optional. Specify the name of lock.') name: string? diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json index 77e4c074a4..8ef52403dd 100644 --- a/avm/res/app/managed-environment/main.json +++ b/avm/res/app/managed-environment/main.json 
@@ -6,93 +6,13 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "4087809008619576571" + "templateHash": "17192299339324767459" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", "owner": "Azure/module-maintainers" }, "definitions": { - "diagnosticSettingType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of diagnostic setting." - } - }, - "metricCategories": { - "type": "array", - "items": { - "type": "object", - "properties": { - "category": { - "type": "string", - "metadata": { - "description": "Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics." - } - } - } - }, - "nullable": true, - "metadata": { - "description": "Optional. The name of logs that will be streamed. \"allLogs\" includes all possible logs for the resource. Set to '' to disable log collection." - } - }, - "logAnalyticsDestinationType": { - "type": "string", - "allowedValues": [ - "AzureDiagnostics", - "Dedicated" - ], - "nullable": true, - "metadata": { - "description": "Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type." - } - }, - "workspaceResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "storageAccountResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic storage account. 
For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "eventHubAuthorizationRuleResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to." - } - }, - "eventHubName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub." - } - }, - "marketplacePartnerResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs." - } - } - } - }, - "nullable": true - }, "lockType": { "type": "object", "properties": { diff --git a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml index 46178897eb..d9678a83a5 100644 --- a/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml +++ b/avm/utilities/pipelines/staticValidation/psrule/.ps-rule/min-suppress.Rule.yaml @@ -23,7 +23,7 @@ spec: - Azure.TrafficManager.Protocol # Azure Load Balancer specific - Azure.LB.Probe - # Azure Container App specific + # App Managed Environment specific - Azure.ContainerApp.PublicAccess if: name: "." From 4de3fdd133a04b5411ecc7bc9faf3fedd6e0b0f2 Mon Sep 17 00:00:00 2001 
From: arnoldna Date: Thu, 21 Dec 2023 10:56:59 -0700 Subject: [PATCH 18/21] Formated workflow file --- .github/workflows/avm.res.app.managed-environment.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/avm.res.app.managed-environment.yml b/.github/workflows/avm.res.app.managed-environment.yml index 4f4fbe6f19..1ade8294e5 100644 --- a/.github/workflows/avm.res.app.managed-environment.yml +++ b/.github/workflows/avm.res.app.managed-environment.yml @@ -80,4 +80,4 @@ jobs: moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}" psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}" modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}" - secrets: inherit \ No newline at end of file + secrets: inherit From f26ea22b176aee5c68a79505bae5481a0d0a9498 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Thu, 21 Dec 2023 14:28:46 -0700 Subject: [PATCH 19/21] Moved test parameters to module deployment --- avm/res/app/managed-environment/README.md | 44 +++++++++++++++---- .../tests/e2e/max/main.test.bicep | 24 ++++------ .../tests/e2e/waf-aligned/main.test.bicep | 23 ++++------ 3 files changed, 54 insertions(+), 37 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 4966bc5343..6db1df66a9 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -110,7 +110,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' enableTelemetry: '' - infrastructureResourceGroupName: '' + infrastructureResourceGroupName: 'me-dep-app.managedenvironments-amemax-rg' infrastructureSubnetId: '' internal: true location: '' 
@@ -124,7 +124,14 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' Env: 'test' 'hidden-title': 'This is visible in the resource name' } - workloadProfiles: '' + workloadProfiles: [ + { + maximumCount: 3 + minimumCount: 0 + name: 'CAW01' + workloadProfileType: 'D4' + } + ] } } ``` @@ -156,7 +163,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "value": "" }, "infrastructureResourceGroupName": { - "value": "" + "value": "me-dep-app.managedenvironments-amemax-rg" }, "infrastructureSubnetId": { "value": "" @@ -186,7 +193,14 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' } }, "workloadProfiles": { - "value": "" + "value": [ + { + "maximumCount": 3, + "minimumCount": 0, + "name": "CAW01", + "workloadProfileType": "D4" + } + ] } } } @@ -214,7 +228,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' enableTelemetry: '' - infrastructureResourceGroupName: '' + infrastructureResourceGroupName: 'me-dep-app.managedenvironments-amewaf-rg' infrastructureSubnetId: '' internal: true location: '' @@ -228,7 +242,14 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' Env: 'test' 'hidden-title': 'This is visible in the resource name' } - workloadProfiles: '' + workloadProfiles: [ + { + maximumCount: 3 + minimumCount: 0 + name: 'CAW01' + workloadProfileType: 'D4' + } + ] } } ``` @@ -260,7 +281,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "value": "" }, "infrastructureResourceGroupName": { - "value": "" + "value": "me-dep-app.managedenvironments-amewaf-rg" }, "infrastructureSubnetId": { "value": "" @@ -290,7 +311,14 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' } }, "workloadProfiles": { - "value": "" + "value": [ + { + "maximumCount": 3, + "minimumCount": 0, + "name": "CAW01", + "workloadProfileType": "D4" + } + ] } } } 
diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep index c1e6271424..e0035b69d0 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep @@ -10,9 +10,6 @@ metadata description = 'This instance deploys the module with most of its featur @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' -@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.') -param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' - @description('Optional. The location to deploy resources to.') param location string = deployment().location @@ -25,16 +22,6 @@ param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' -@description('Optional. WorkloadProfile') -param workloadProfiles array = [ - { - workloadProfileType: 'D4' - name: 'CAW01' - minimumCount: 0 - maximumCount: 3 - } -] - // =========== // // Deployments // // =========== // 
@@ -69,13 +56,20 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: '${namePrefix}${serviceShort}001' logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId location: location - workloadProfiles: workloadProfiles + workloadProfiles: [ + { + workloadProfileType: 'D4' + name: 'CAW01' + minimumCount: 0 + maximumCount: 3 + } + ] internal: true dockerBridgeCidr: '172.16.0.1/28' platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId - infrastructureResourceGroupName: infrastructureResourceGroupName + infrastructureResourceGroupName: 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' lock: { kind: 'CanNotDelete' name: 'myCustomLockName' diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep index 06305a91d0..a7d8b72d1f 100644 --- a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep @@ -10,9 +10,6 @@ metadata description = 'This instance deploys the module in alignment with the b @maxLength(90) param resourceGroupName string = 'dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' -@description('Optional. The name of the infrastructre resource group to deploy for testing purposes.') -param infrastructureResourceGroupName string = 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' - @description('Optional. The location to deploy resources to.') param location string = deployment().location 
@@ -25,15 +22,6 @@ param enableTelemetry bool = true @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' -@description('Optional. WorkloadProfile') -param workloadProfiles array = [ - { - workloadProfileType: 'D4' - name: 'CAW01' - minimumCount: 0 - maximumCount: 3 - } -] // =========== // // Deployments // // =========== // @@ -68,13 +56,20 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' name: '${namePrefix}${serviceShort}001' logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId location: location - workloadProfiles: workloadProfiles + workloadProfiles: [ + { + workloadProfileType: 'D4' + name: 'CAW01' + minimumCount: 0 + maximumCount: 3 + } + ] internal: true dockerBridgeCidr: '172.16.0.1/28' platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId - infrastructureResourceGroupName: infrastructureResourceGroupName + infrastructureResourceGroupName: 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' lock: { kind: 'CanNotDelete' name: 'myCustomLockName' From 7edd0ee17e3ac7de15a0d591597bd74e0dd8fc1a Mon Sep 17 00:00:00 2001 From: arnoldna Date: Thu, 21 Dec 2023 14:53:40 -0700 Subject: [PATCH 20/21] Added manged identities tests --- avm/res/app/managed-environment/README.md | 80 ++++++++++++++++++- .../tests/e2e/max/dependencies.bicep | 11 +++ .../tests/e2e/max/main.test.bicep | 21 ++++- .../tests/e2e/waf-aligned/dependencies.bicep | 11 +++ .../tests/e2e/waf-aligned/main.test.bicep | 20 ++++- 5 files changed, 137 insertions(+), 6 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 6db1df66a9..790dd03159 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md 
@@ -110,7 +110,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' enableTelemetry: '' - infrastructureResourceGroupName: 'me-dep-app.managedenvironments-amemax-rg' + infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true location: '' @@ -120,6 +120,23 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' } platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Owner' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '' + } + ] tags: { Env: 'test' 'hidden-title': 'This is visible in the resource name' @@ -163,7 +180,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "value": "" }, "infrastructureResourceGroupName": { - "value": "me-dep-app.managedenvironments-amemax-rg" + "value": "" }, "infrastructureSubnetId": { "value": "" @@ -186,6 +203,25 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "platformReservedDnsIP": { "value": "172.17.17.17" }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Owner" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "" + } + ] + }, "tags": { "value": { "Env": "test", 
@@ -228,7 +264,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' enableTelemetry: '' - infrastructureResourceGroupName: 'me-dep-app.managedenvironments-amewaf-rg' + infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true location: '' @@ -238,6 +274,23 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' } platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Owner' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '' + } + ] tags: { Env: 'test' 'hidden-title': 'This is visible in the resource name' @@ -281,7 +334,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "value": "" }, "infrastructureResourceGroupName": { - "value": "me-dep-app.managedenvironments-amewaf-rg" + "value": "" }, "infrastructureSubnetId": { "value": "" @@ -304,6 +357,25 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "platformReservedDnsIP": { "value": "172.17.17.17" }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Owner" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "" + } + ] + }, "tags": { "value": { "Env": "test", diff --git a/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep index 8d908b1603..1bf3d4e873 100644 
--- a/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep @@ -7,6 +7,9 @@ param logAnalyticsWorkspaceName string @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + var addressPrefix = '10.0.0.0/16' resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { @@ -52,8 +55,16 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { } +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + @description('The resource ID of the created Log Analytics Workspace.') output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep index e0035b69d0..0026255a2c 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep @@ -40,6 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' location: location + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' } } 
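Review bot: The new `managedIdentity` resource in tests/e2e/max/dependencies.bicep (hunk `@@ -52,8 +55,16 @@`) pins `Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30`, while the other resources visible in the same file use 2022 and 2023 API versions. The identical hunk in tests/e2e/waf-aligned/dependencies.bicep does the same. Moving both to a current version, for example `userAssignedIdentities@2023-01-31`, would keep the dependency templates consistent and avoid linter warnings about outdated API versions.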
@@ -69,7 +70,25 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId - infrastructureResourceGroupName: 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' + infrastructureResourceGroupName: 'me-${resourceGroupName}' + roleAssignments: [ + { + roleDefinitionIdOrName: 'Owner' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + lock: { kind: 'CanNotDelete' name: 'myCustomLockName' diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep index 8d908b1603..1bf3d4e873 100644 --- a/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep +++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/dependencies.bicep @@ -7,6 +7,9 @@ param logAnalyticsWorkspaceName string @description('Required. The name of the Virtual Network to create.') param virtualNetworkName string +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + var addressPrefix = '10.0.0.0/16' resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = { 
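Review bot: The first entry of the new `roleAssignments` array in tests/e2e/max/main.test.bicep (hunk `@@ -69,7 +70,25 @@`) grants `Owner` on the managed environment to the test identity. The same array is copied into tests/e2e/waf-aligned/main.test.bicep (hunk `@@ -69,7 +70,24 @@`) and into the README examples in this commit, which readers are likely to treat as reference configuration. Owner lets the principal create further role assignments, so for the WAF-aligned case I would keep only the least-privileged entry already present (the `acdd72a7-3385-48ef-bd42-f606fba81ae7` one) and leave the name / GUID / resource-ID format coverage to the max test. The two GUIDs are also unexplained: trailing comments `// Contributor` on `b24988ac-6180-42a0-ab88-20f7382dd24c` and `// Reader` on `acdd72a7-3385-48ef-bd42-f606fba81ae7` would show what is being granted. The module call starts and ends outside the hunk.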
@@ -52,8 +55,16 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { } +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = { + name: managedIdentityName + location: location +} + @description('The resource ID of the created Log Analytics Workspace.') output logAnalyticsWorkspaceResourceId string = logAnalyticsWorkspace.id @description('The resource ID of the created Virtual Network Subnet.') output subnetResourceId string = virtualNetwork.properties.subnets[0].id + +@description('The principal ID of the created Managed Identity.') +output managedIdentityPrincipalId string = managedIdentity.properties.principalId diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep index a7d8b72d1f..b408c44363 100644 --- a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep @@ -40,6 +40,7 @@ module nestedDependencies 'dependencies.bicep' = { logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}' virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}' location: location + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' } } 
@@ -69,7 +70,24 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId - infrastructureResourceGroupName: 'me-dep-${namePrefix}-app.managedenvironments-${serviceShort}-rg' + infrastructureResourceGroupName: 'me-${resourceGroupName}' + roleAssignments: [ + { + roleDefinitionIdOrName: 'Owner' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] lock: { kind: 'CanNotDelete' name: 'myCustomLockName' From 21c4acd0a963d02b8757891227f9f69a33ee7997 Mon Sep 17 00:00:00 2001 From: arnoldna Date: Thu, 21 Dec 2023 15:05:53 -0700 Subject: [PATCH 21/21] Removed telemetry from test cases --- avm/res/app/managed-environment/README.md | 12 ------------ .../tests/e2e/defaults/main.test.bicep | 4 ---- .../tests/e2e/max/main.test.bicep | 4 ---- .../tests/e2e/waf-aligned/main.test.bicep | 4 ---- 4 files changed, 24 deletions(-) diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index 790dd03159..ce6b11fe9f 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -52,7 +52,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' logAnalyticsWorkspaceResourceId: '' name: 'amemin001' // Non-required parameters - enableTelemetry: '' location: '' } } 
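Review bot: `infrastructureResourceGroupName: 'me-${resourceGroupName}'` in tests/e2e/waf-aligned/main.test.bicep (hunk `@@ -69,7 +70,24 @@`, and the same line in the max test's `@@ -69,7 +70,25 @@` hunk) derives a name three characters longer than `resourceGroupName`. The earlier hunk of this file shows that parameter declared with `@maxLength(90)`, and Azure resource group names are limited to 90 characters. An override of `resourceGroupName` longer than 87 characters would therefore pass parameter validation and only fail at deployment time. Either tighten the decorator to `@maxLength(87)` or bound the derived value with `take('me-${resourceGroupName}', 90)`. The module call continues outside the hunk.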
@@ -78,9 +77,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "value": "amemin001" }, // Non-required parameters - "enableTelemetry": { - "value": "" - }, "location": { "value": "" } @@ -109,7 +105,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amemax001' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' - enableTelemetry: '' infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true @@ -176,9 +171,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "dockerBridgeCidr": { "value": "172.16.0.1/28" }, - "enableTelemetry": { - "value": "" - }, "infrastructureResourceGroupName": { "value": "" }, @@ -263,7 +255,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' name: 'amewaf001' // Non-required parameters dockerBridgeCidr: '172.16.0.1/28' - enableTelemetry: '' infrastructureResourceGroupName: '' infrastructureSubnetId: '' internal: true @@ -330,9 +321,6 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' "dockerBridgeCidr": { "value": "172.16.0.1/28" }, - "enableTelemetry": { - "value": "" - }, "infrastructureResourceGroupName": { "value": "" }, diff --git a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep index 0d71b8d8b1..f179249367 100644 --- a/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/defaults/main.test.bicep 
@@ -16,9 +16,6 @@ param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'amemin' -@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableTelemetry bool = true - @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' @@ -51,7 +48,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { - enableTelemetry: enableTelemetry name: '${namePrefix}${serviceShort}001' location: location logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep index 0026255a2c..185e91544b 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep @@ -16,9 +16,6 @@ param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'amemax' -@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableTelemetry bool = true - @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' 
@@ -53,7 +50,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { - enableTelemetry: enableTelemetry name: '${namePrefix}${serviceShort}001' logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId location: location diff --git a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep index b408c44363..011da928e4 100644 --- a/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/waf-aligned/main.test.bicep @@ -16,9 +16,6 @@ param location string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'amewaf' -@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).') -param enableTelemetry bool = true - @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' @@ -53,7 +50,6 @@ module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' scope: resourceGroup name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}' params: { - enableTelemetry: enableTelemetry name: '${namePrefix}${serviceShort}001' logAnalyticsWorkspaceResourceId: nestedDependencies.outputs.logAnalyticsWorkspaceResourceId location: location