From cb012dfd0959bdac00dca172becf433c03b47138 Mon Sep 17 00:00:00 2001 From: tsweatman1 <155660739+tsweatman1@users.noreply.github.com> Date: Tue, 29 Oct 2024 18:57:31 -0400 Subject: [PATCH] 1111 mlz add ons update component order in naming convention (#1118) * issue 1111 * naming convention and prefix count * GitHub Action: Build Bicep to JSON * Fixed max length in regex * Alphabetized params * GitHub Action: Build Bicep to JSON * Alphabetized params & var value * GitHub Action: Build Bicep to JSON * Alphabetized param, Removed empty line * GitHub Action: Build Bicep to JSON --------- Co-authored-by: github-actions Co-authored-by: Jason Masten --- src/bicep/form/mlz.portal.json | 6 +- src/bicep/mlz.bicep | 6 +- src/bicep/mlz.json | 102 +++++++++++++----- src/bicep/modules/linux-virtual-machine.bicep | 3 +- src/bicep/modules/naming-convention.bicep | 15 ++- src/bicep/modules/storage-account.bicep | 40 +++++-- src/bicep/modules/storage.bicep | 6 +- 7 files changed, 128 insertions(+), 50 deletions(-) diff --git a/src/bicep/form/mlz.portal.json b/src/bicep/form/mlz.portal.json index 77cc1d799..aaccce588 100644 --- a/src/bicep/form/mlz.portal.json +++ b/src/bicep/form/mlz.portal.json @@ -229,13 +229,13 @@ "label": "Resource Naming Prefix", "type": "Microsoft.Common.TextBox", "defaultValue": "", - "toolTip": "Specify a prefix (min 3 and max 6 lowercase characters and numbers) to prepend to all resources.", + "toolTip": "Specify a prefix (min 1 and max 6 lowercase characters and numbers) to prepend to all resources.", "constraints": { "required": true, "validations": [ { - "regex": "^[a-z][a-z0-9]{1,5}$", - "message": "The prefix must contain alphanumeric characters, begin with a letter, letters must be lowercase, and the length must be between 3 to 6 characters." + "regex": "^[a-z0-9]{1,6}$", + "message": "The prefix must contain alphanumeric characters, letters must be lowercase, and the length must be between 1 to 6 characters." } ] } 
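Review bot: The new regex `^[a-z0-9]{1,6}$` drops the requirement that the prefix begin with a letter, so a prefix such as `1abc` now passes portal validation; any derived resource name whose type must start with a letter (Key Vault is the usual case) would then fail at deployment instead of in the form. If leading digits are intended, confirm that against every name the naming convention derives from `resourcePrefix`; otherwise keep the letter-first form, `"regex": "^[a-z][a-z0-9]{0,5}$"`, and adjust the message to match. The mlz.bicep hunk on the next line has the same gap from the other side: `@minLength(1)`/`@maxLength(6)` enforce only length, so a non-portal deployment gets no character-set check at all, and the description's "alphanumeric characters without whitespace" is a statement rather than a constraint.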
diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep index 75ee30713..6d54067ed 100644 --- a/src/bicep/mlz.bicep +++ b/src/bicep/mlz.bicep @@ -7,9 +7,9 @@ targetScope = 'subscription' // REQUIRED PARAMETERS -@minLength(3) +@minLength(1) @maxLength(6) -@description('A prefix, 3-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces') +@description('A prefix, 1-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces') param resourcePrefix string @allowed([ @@ -725,10 +725,12 @@ module storage 'modules/storage.bicep' = { blobsPrivateDnsZoneResourceId: networking.outputs.privateDnsZoneResourceIds.blob //deployIdentity: deployIdentity deploymentNameSuffix: deploymentNameSuffix + filesPrivateDnsZoneResourceId: networking.outputs.privateDnsZoneResourceIds.file keyVaultUri: customerManagedKeys.outputs.keyVaultUri location: location logStorageSkuName: logStorageSkuName mlzTags: logic.outputs.mlzTags + queuesPrivateDnsZoneResourceId: networking.outputs.privateDnsZoneResourceIds.queue resourceGroupNames: resourceGroups.outputs.names serviceToken: logic.outputs.tokens.service storageEncryptionKeyName: customerManagedKeys.outputs.storageKeyName diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json index 2dc902750..f56a0f152 100644 --- a/src/bicep/mlz.json +++ b/src/bicep/mlz.json 
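Review bot: The `@@ -725` hunk reads two new keys, `networking.outputs.privateDnsZoneResourceIds.file` and `.queue`, but the networking module is not part of this patch, so it is not visible here whether those keys are emitted. If `privateDnsZoneResourceIds` is an untyped object output, a missing key is not caught at compile time and only surfaces when the storage module deployment fails, so this is worth a quick check against the networking module before merge. The `storage` module declaration starts before this hunk.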
@@ -5,16 +5,16 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "12938630250141528569" + "templateHash": "16541325671879840467" } }, "parameters": { "resourcePrefix": { "type": "string", - "minLength": 3, + "minLength": 1, "maxLength": 6, "metadata": { - "description": "A prefix, 3-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces" + "description": "A prefix, 1-6 alphanumeric characters without whitespace, used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces" } }, "environmentAbbreviation": { @@ -888,7 +888,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "11424932506966599764" + "templateHash": "16220429751656280628" } }, "parameters": { @@ -968,7 +968,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "7616623366375139473" + "templateHash": "3270228280505109788" } }, "parameters": { @@ -994,6 +994,7 @@ "tokens": { "type": "object", "defaultValue": { + "purpose": "purpose_token", "resource": "resource_token", "service": "service_token" } 
@@ -1429,8 +1430,8 @@ "locations": "[variables('$fxv#0')[environment().name]]", "locationAbbreviation": "[variables('locations')[parameters('location')].abbreviation]", "resourceAbbreviations": "[variables('$fxv#1')]", - "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", - "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('tokens').service, parameters('networkName'), parameters('environmentAbbreviation'), variables('locationAbbreviation'))]", + "namingConvention": "[format('{0}-{1}{2}-{3}-{4}-{5}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), variables('locationAbbreviation'), parameters('environmentAbbreviation'))]", + "namingConvention_Service": "[format('{0}-{1}{2}-{3}-{4}-{5}-{6}', toLower(parameters('resourcePrefix')), if(empty(parameters('stampIndex')), '', format('{0}-', parameters('stampIndex'))), parameters('tokens').resource, parameters('networkName'), parameters('tokens').service, variables('locationAbbreviation'), parameters('environmentAbbreviation'))]", "names": { "actionGroup": "[replace(variables('namingConvention'), parameters('tokens').resource, variables('resourceAbbreviations').actionGroups)]", "applicationGroup": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').applicationGroups)]", 
@@ -1489,8 +1490,14 @@ "routeTable": "[replace(variables('namingConvention'), parameters('tokens').resource, variables('resourceAbbreviations').routeTables)]", "storageAccount": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').storageAccounts), parameters('networkName'), parameters('networkShortName'))]", "storageAccountDiagnosticSetting": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').diagnosticSettings), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, variables('resourceAbbreviations').storageAccounts))]", - "storageAccountNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, variables('resourceAbbreviations').storageAccounts))]", - "storageAccountPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-{1}', parameters('tokens').service, variables('resourceAbbreviations').storageAccounts))]", + "storageAccountBlobNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-blob', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountFileNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-file', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountQueueNetworkInterface": "[replace(replace(variables('namingConvention_Service'), 
parameters('tokens').resource, variables('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-queue', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountTableNetworkInterface": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').networkInterfaces), parameters('tokens').service, format('{0}-table', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountBlobPrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-blob', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountFilePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-file', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountQueuePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-queue', variables('resourceAbbreviations').storageAccounts))]", + "storageAccountTablePrivateEndpoint": "[replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').privateEndpoints), parameters('tokens').service, format('{0}-table', variables('resourceAbbreviations').storageAccounts))]", "subnet": "[replace(variables('namingConvention'), parameters('tokens').resource, variables('resourceAbbreviations').subnets)]", "userAssignedIdentity": "[replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').userAssignedIdentities)]", "virtualMachine": 
"[replace(replace(replace(replace(variables('namingConvention_Service'), parameters('tokens').resource, variables('resourceAbbreviations').virtualMachines), parameters('environmentAbbreviation'), first(parameters('environmentAbbreviation'))), parameters('networkName'), ''), '-', '')]", @@ -5703,7 +5710,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "5548269850951921678" + "templateHash": "3503875367735395147" } }, "parameters": { @@ -6040,7 +6047,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "15035921308988452197" + "templateHash": "5686981733462823694" } }, "parameters": { @@ -6195,7 +6202,7 @@ }, { "type": "Microsoft.Compute/virtualMachines/extensions", - "apiVersion": "2021-03-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('name'), 'GuestAttestation')]", "location": "[parameters('location')]", "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Compute/virtualMachines'), parameters('tags')['Microsoft.Compute/virtualMachines'], createObject()), parameters('mlzTags'))]", @@ -6204,7 +6211,6 @@ "type": "GuestAttestation", "typeHandlerVersion": "1.0", "autoUpgradeMinorVersion": true, - "enableAutomaticUpgrade": true, "settings": { "AttestationConfig": { "MaaSettings": { @@ -6903,6 +6909,9 @@ "deploymentNameSuffix": { "value": "[parameters('deploymentNameSuffix')]" }, + "filesPrivateDnsZoneResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value.file]" + }, "keyVaultUri": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-cmk-hub-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.keyVaultUri.value]" }, 
@@ -6915,6 +6924,9 @@ "mlzTags": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('get-logic-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.mlzTags.value]" }, + "queuesPrivateDnsZoneResourceId": { + "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-networking-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.privateDnsZoneResourceIds.value.queue]" + }, "resourceGroupNames": { "value": "[reference(subscriptionResourceId('Microsoft.Resources/deployments', format('deploy-resource-groups-{0}', parameters('deploymentNameSuffix'))), '2022-09-01').outputs.names.value]" }, @@ -6944,7 +6956,7 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "15851262372533796124" + "templateHash": "11618493610681415173" } }, "parameters": { @@ -6954,6 +6966,9 @@ "deploymentNameSuffix": { "type": "string" }, + "filesPrivateDnsZoneResourceId": { + "type": "string" + }, "keyVaultUri": { "type": "string" }, @@ -6966,6 +6981,9 @@ "mlzTags": { "type": "object" }, + "queuesPrivateDnsZoneResourceId": { + "type": "string" + }, "resourceGroupNames": { "type": "array" }, @@ -7008,6 +7026,9 @@ "blobsPrivateDnsZoneResourceId": { "value": "[parameters('blobsPrivateDnsZoneResourceId')]" }, + "filesPrivateDnsZoneResourceId": { + "value": "[parameters('filesPrivateDnsZoneResourceId')]" + }, "keyVaultUri": { "value": "[parameters('keyVaultUri')]" }, @@ -7017,6 +7038,9 @@ "mlzTags": { "value": "[parameters('mlzTags')]" }, + "queuesPrivateDnsZoneResourceId": { + "value": "[parameters('queuesPrivateDnsZoneResourceId')]" + }, "serviceToken": { "value": "[parameters('serviceToken')]" }, 
@@ -7049,13 +7073,16 @@ "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "10231061264498799420" + "templateHash": "13359240625570837130" } }, "parameters": { "blobsPrivateDnsZoneResourceId": { "type": "string" }, + "filesPrivateDnsZoneResourceId": { + "type": "string" + }, "keyVaultUri": { "type": "string" }, @@ -7065,6 +7092,9 @@ "mlzTags": { "type": "object" }, + "queuesPrivateDnsZoneResourceId": { + "type": "string" + }, "serviceToken": { "type": "string" }, @@ -7091,9 +7121,27 @@ } }, "variables": { - "zones": [ - "[parameters('blobsPrivateDnsZoneResourceId')]", - "[parameters('tablesPrivateDnsZoneResourceId')]" + "subResources": [ + { + "id": "[parameters('blobsPrivateDnsZoneResourceId')]", + "nic": "[parameters('tier').namingConvention.storageAccountBlobNetworkInterface]", + "pe": "[parameters('tier').namingConvention.storageAccountBlobPrivateEndpoint]" + }, + { + "id": "[parameters('filesPrivateDnsZoneResourceId')]", + "nic": "[parameters('tier').namingConvention.storageAccountFileNetworkInterface]", + "pe": "[parameters('tier').namingConvention.storageAccountFilePrivateEndpoint]" + }, + { + "id": "[parameters('queuesPrivateDnsZoneResourceId')]", + "nic": "[parameters('tier').namingConvention.storageAccountQueueNetworkInterface]", + "pe": "[parameters('tier').namingConvention.storageAccountQueuePrivateEndpoint]" + }, + { + "id": "[parameters('tablesPrivateDnsZoneResourceId')]", + "nic": "[parameters('tier').namingConvention.storageAccountTableNetworkInterface]", + "pe": "[parameters('tier').namingConvention.storageAccountTablePrivateEndpoint]" + } ] }, "resources": [ 
@@ -7164,22 +7212,22 @@ { "copy": { "name": "privateEndpoints", - "count": "[length(variables('zones'))]" + "count": "[length(variables('subResources'))]" }, "type": "Microsoft.Network/privateEndpoints", "apiVersion": "2023-04-01", - "name": "[replace(parameters('tier').namingConvention.storageAccountPrivateEndpoint, parameters('serviceToken'), format('{0}-log', split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]", + "name": "[variables('subResources')[copyIndex()].pe]", "location": "[parameters('location')]", "tags": "[union(if(contains(parameters('tags'), 'Microsoft.Network/privateEndpoints'), parameters('tags')['Microsoft.Network/privateEndpoints'], createObject()), parameters('mlzTags'))]", "properties": { - "customNetworkInterfaceName": "[replace(parameters('tier').namingConvention.storageAccountNetworkInterface, parameters('serviceToken'), format('{0}-log', split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]", + "customNetworkInterfaceName": "[variables('subResources')[copyIndex()].nic]", "privateLinkServiceConnections": [ { - "name": "[replace(parameters('tier').namingConvention.storageAccountPrivateEndpoint, parameters('serviceToken'), format('{0}-log', split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]))]", + "name": "[variables('subResources')[copyIndex()].pe]", "properties": { "privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', uniqueString(replace(parameters('tier').namingConvention.storageAccount, parameters('serviceToken'), 'log'), resourceGroup().id))]", "groupIds": [ - "[split(split(variables('zones')[copyIndex()], '/')[8], '.')[1]]" + "[split(split(variables('subResources')[copyIndex()].id, '/')[8], '.')[1]]" ] } } 
@@ -7195,23 +7243,23 @@ { "copy": { "name": "privateDnsZoneGroups", - "count": "[length(variables('zones'))]" + "count": "[length(variables('subResources'))]" }, "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2021-08-01", - "name": "[format('{0}/{1}', replace(parameters('tier').namingConvention.storageAccountPrivateEndpoint, parameters('serviceToken'), format('{0}-log', split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])), uniqueString(replace(parameters('tier').namingConvention.storageAccount, parameters('serviceToken'), 'log'), resourceGroup().id))]", + "name": "[format('{0}/{1}', variables('subResources')[copyIndex()].pe, uniqueString(replace(parameters('tier').namingConvention.storageAccount, parameters('serviceToken'), 'log'), resourceGroup().id))]", "properties": { "privateDnsZoneConfigs": [ { "name": "ipconfig1", "properties": { - "privateDnsZoneId": "[variables('zones')[copyIndex()]]" + "privateDnsZoneId": "[variables('subResources')[copyIndex()].id]" } } ] }, "dependsOn": [ - "[resourceId('Microsoft.Network/privateEndpoints', replace(parameters('tier').namingConvention.storageAccountPrivateEndpoint, parameters('serviceToken'), format('{0}-log', split(split(variables('zones')[copyIndex()], '/')[8], '.')[1])))]", + "[resourceId('Microsoft.Network/privateEndpoints', variables('subResources')[copyIndex()].pe)]", "[resourceId('Microsoft.Storage/storageAccounts', uniqueString(replace(parameters('tier').namingConvention.storageAccount, parameters('serviceToken'), 'log'), resourceGroup().id))]" ] } diff --git a/src/bicep/modules/linux-virtual-machine.bicep b/src/bicep/modules/linux-virtual-machine.bicep index c8f586480..50cb5379b 100644 --- a/src/bicep/modules/linux-virtual-machine.bicep +++ b/src/bicep/modules/linux-virtual-machine.bicep 
@@ -118,7 +118,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-04-01' = { } } -resource guestAttestationExtension 'Microsoft.Compute/virtualMachines/extensions@2021-03-01' = { +resource guestAttestationExtension 'Microsoft.Compute/virtualMachines/extensions@2024-03-01' = { parent: virtualMachine name: 'GuestAttestation' location: location @@ -128,7 +128,6 @@ resource guestAttestationExtension 'Microsoft.Compute/virtualMachines/extensions type: 'GuestAttestation' typeHandlerVersion: '1.0' autoUpgradeMinorVersion: true - enableAutomaticUpgrade: true settings: { AttestationConfig: { MaaSettings: { diff --git a/src/bicep/modules/naming-convention.bicep b/src/bicep/modules/naming-convention.bicep index 1fc98d9f4..6e310959d 100644 --- a/src/bicep/modules/naming-convention.bicep +++ b/src/bicep/modules/naming-convention.bicep @@ -12,6 +12,7 @@ param networkShortName string param resourcePrefix string param stampIndex string = '' // Optional: Added to support AVD deployments param tokens object = { + purpose:'purpose_token' resource: 'resource_token' service: 'service_token' } @@ -33,8 +34,8 @@ var resourceAbbreviations = loadJsonContent('../data/resourceAbbreviations.json' */ -var namingConvention = '${toLower(resourcePrefix)}-${empty(stampIndex) ? '' : '${stampIndex}-'}${tokens.resource}-${networkName}-${environmentAbbreviation}-${locationAbbreviation}' -var namingConvention_Service = '${toLower(resourcePrefix)}-${empty(stampIndex) ? '' : '${stampIndex}-'}${tokens.resource}-${tokens.service}-${networkName}-${environmentAbbreviation}-${locationAbbreviation}' +var namingConvention = '${toLower(resourcePrefix)}-${empty(stampIndex) ? '' : '${stampIndex}-'}${tokens.resource}-${networkName}-${locationAbbreviation}-${environmentAbbreviation}' +var namingConvention_Service = '${toLower(resourcePrefix)}-${empty(stampIndex) ? '' : '${stampIndex}-'}${tokens.resource}-${networkName}-${tokens.service}-${locationAbbreviation}-${environmentAbbreviation}' /* 
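Review bot: Dropping `enableAutomaticUpgrade: true` from the GuestAttestation extension changes the upgrade behaviour of a security-relevant extension, and neither the commit message nor the code says why; a later maintainer comparing this block with other extensions is likely to put it back. Add a comment above `autoUpgradeMinorVersion: true` such as `// enableAutomaticUpgrade intentionally omitted: <reason> (see #1118)` stating the actual reason alongside the apiVersion bump to `2024-03-01`. The diffstat lists only the Linux module, so if a Windows counterpart exists it is not changed by this patch; confirm that is deliberate.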
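Review bot: `purpose:'purpose_token'` is added to the `tokens` default, but neither `namingConvention` nor `namingConvention_Service` in the `@@ -33,8` hunk references `tokens.purpose`, so the token is dead as of this commit and the regenerated mlz.json carries the same unused default; either wire it into the convention or leave it out until it is used. Minor style: the sibling entries use `key: value`, so write `purpose: 'purpose_token'`. Swapping `locationAbbreviation` and `environmentAbbreviation` renames every derived resource, which for an existing deployment means new resources rather than in-place updates; that is a release-note item rather than a code change.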
@@ -106,8 +107,14 @@ var names = { routeTable: replace(namingConvention, tokens.resource, resourceAbbreviations.routeTables) storageAccount: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.storageAccounts), networkName, networkShortName) storageAccountDiagnosticSetting: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.diagnosticSettings), tokens.service, '${tokens.service}-${resourceAbbreviations.storageAccounts}') - storageAccountNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${tokens.service}-${resourceAbbreviations.storageAccounts}') - storageAccountPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${tokens.service}-${resourceAbbreviations.storageAccounts}') + storageAccountBlobNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${resourceAbbreviations.storageAccounts}-blob') + storageAccountFileNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${resourceAbbreviations.storageAccounts}-file') + storageAccountQueueNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${resourceAbbreviations.storageAccounts}-queue') + storageAccountTableNetworkInterface: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.networkInterfaces), tokens.service, '${resourceAbbreviations.storageAccounts}-table') + storageAccountBlobPrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${resourceAbbreviations.storageAccounts}-blob') + storageAccountFilePrivateEndpoint: 
replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${resourceAbbreviations.storageAccounts}-file') + storageAccountQueuePrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${resourceAbbreviations.storageAccounts}-queue') + storageAccountTablePrivateEndpoint: replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.privateEndpoints), tokens.service, '${resourceAbbreviations.storageAccounts}-table') subnet: replace(namingConvention, tokens.resource, resourceAbbreviations.subnets) userAssignedIdentity: replace(namingConvention_Service, tokens.resource, resourceAbbreviations.userAssignedIdentities) virtualMachine: replace(replace(replace(replace(namingConvention_Service, tokens.resource, resourceAbbreviations.virtualMachines), environmentAbbreviation, first(environmentAbbreviation)), networkName, ''), '-', '') diff --git a/src/bicep/modules/storage-account.bicep b/src/bicep/modules/storage-account.bicep index 629122ea0..7e71ac73d 100644 --- a/src/bicep/modules/storage-account.bicep +++ b/src/bicep/modules/storage-account.bicep @@ -4,9 +4,11 @@ Licensed under the MIT License. */ param blobsPrivateDnsZoneResourceId string +param filesPrivateDnsZoneResourceId string param keyVaultUri string param location string param mlzTags object +param queuesPrivateDnsZoneResourceId string param serviceToken string param skuName string param storageEncryptionKeyName string 
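Review bot: The new `storageAccount*NetworkInterface` and `storageAccount*PrivateEndpoint` names replace `tokens.service` with a fixed `'${resourceAbbreviations.storageAccounts}-blob'` (file, queue and table likewise), so the service component that storage-account.bicep previously substituted with `'<sub>-log'` is gone from these names and "log" no longer appears in them, while `storageAccount` and `storageAccountDiagnosticSetting` on the lines above still keep `tokens.service`. A second storage account in the same tier (anything other than the log account) would then produce identical private endpoint and NIC names and collide at deployment. Keeping the service component, e.g. `'${tokens.service}-${resourceAbbreviations.storageAccounts}-blob'`, and substituting it in the consumer as before, or using the newly added `purpose` token, avoids that. The `names` object starts before this hunk.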
@@ -16,9 +18,27 @@ param tags object param tier object param userAssignedIdentityResourceId string -var zones = [ - blobsPrivateDnsZoneResourceId - tablesPrivateDnsZoneResourceId +var subResources = [ + { + id: blobsPrivateDnsZoneResourceId + nic: tier.namingConvention.storageAccountBlobNetworkInterface + pe: tier.namingConvention.storageAccountBlobPrivateEndpoint + } + { + id: filesPrivateDnsZoneResourceId + nic: tier.namingConvention.storageAccountFileNetworkInterface + pe: tier.namingConvention.storageAccountFilePrivateEndpoint + } + { + id: queuesPrivateDnsZoneResourceId + nic: tier.namingConvention.storageAccountQueueNetworkInterface + pe: tier.namingConvention.storageAccountQueuePrivateEndpoint + } + { + id: tablesPrivateDnsZoneResourceId + nic: tier.namingConvention.storageAccountTableNetworkInterface + pe: tier.namingConvention.storageAccountTablePrivateEndpoint + } ] resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { 
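Review bot: Each `subResources` entry now carries the sub-resource identity in `nic`/`pe`, yet the private endpoint's `groupIds` in the following hunk is still parsed out of the DNS zone resource ID with `split(split(resource.id, '/')[8], '.')[1]`, so a zone whose name does not follow `privatelink.<group>.…` yields a wrong group ID silently rather than failing validation. Since this commit introduces the object form, the cleaner shape is an explicit `groupId: 'blob'` (`file`, `queue`, `table`) on each entry, with the loop using `groupIds: [ resource.groupId ]`. The same parsing expression remains in the mlz.json hunk for this module, which is regenerated from here.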
@@ -84,19 +104,19 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2023-01-01' = { } } -resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for (zone, i) in zones: { - name: replace(tier.namingConvention.storageAccountPrivateEndpoint, serviceToken, '${split(split(zone, '/')[8], '.')[1]}-log') +resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for (resource, i) in subResources: { + name: resource.pe location: location tags: union(contains(tags, 'Microsoft.Network/privateEndpoints') ? tags['Microsoft.Network/privateEndpoints'] : {}, mlzTags) properties: { - customNetworkInterfaceName: replace(tier.namingConvention.storageAccountNetworkInterface, serviceToken, '${split(split(zone, '/')[8], '.')[1]}-log') + customNetworkInterfaceName: resource.nic privateLinkServiceConnections: [ { - name: replace(tier.namingConvention.storageAccountPrivateEndpoint, serviceToken, '${split(split(zone, '/')[8], '.')[1]}-log') + name: resource.pe properties: { privateLinkServiceId: storageAccount.id groupIds: [ - split(split(zone, '/')[8], '.')[1] + split(split(resource.id, '/')[8], '.')[1] ] } } @@ -107,7 +127,7 @@ resource privateEndpoints 'Microsoft.Network/privateEndpoints@2023-04-01' = [for } }] -resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-08-01' = [for (zone, i) in zones: { +resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2021-08-01' = [for (resource, i) in subResources: { parent: privateEndpoints[i] name: storageAccount.name properties: { @@ -116,7 +136,7 @@ resource privateDnsZoneGroups 'Microsoft.Network/privateEndpoints/privateDnsZone name: 'ipconfig1' properties: { #disable-next-line use-resource-id-functions - privateDnsZoneId: zone + privateDnsZoneId: resource.id } } ] diff --git a/src/bicep/modules/storage.bicep b/src/bicep/modules/storage.bicep index b90645e37..66963b552 100644 --- a/src/bicep/modules/storage.bicep 
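Review bot: Both loops now use `resource` as the iteration variable, `[for (resource, i) in subResources: …]`, which reuses the Bicep declaration keyword as an identifier; it evidently compiles (mlz.json was regenerated), but `resource.pe` and `resource.id` read as if a resource symbol were being dereferenced. A name such as `subResource` avoids that: `[for (subResource, i) in subResources: {` with `subResource.pe`, `subResource.nic` and `subResource.id` in the bodies. The `privateDnsZoneGroups` resource in the second hunk continues past the end of the hunk.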
+++ b/src/bicep/modules/storage.bicep @@ -8,10 +8,12 @@ targetScope = 'subscription' param blobsPrivateDnsZoneResourceId string //param deployIdentity bool param deploymentNameSuffix string +param filesPrivateDnsZoneResourceId string param keyVaultUri string param location string param logStorageSkuName string param mlzTags object +param queuesPrivateDnsZoneResourceId string param resourceGroupNames array param serviceToken string param storageEncryptionKeyName string @@ -25,9 +27,11 @@ module storageAccount 'storage-account.bicep' = [for (tier, i) in tiers: { scope: resourceGroup(tier.subscriptionId, resourceGroupNames[i]) params: { blobsPrivateDnsZoneResourceId: blobsPrivateDnsZoneResourceId + filesPrivateDnsZoneResourceId: filesPrivateDnsZoneResourceId keyVaultUri: keyVaultUri location: location mlzTags: mlzTags + queuesPrivateDnsZoneResourceId: queuesPrivateDnsZoneResourceId serviceToken: serviceToken skuName: logStorageSkuName storageEncryptionKeyName: storageEncryptionKeyName @@ -40,5 +44,3 @@ module storageAccount 'storage-account.bicep' = [for (tier, i) in tiers: { }] output storageAccountResourceIds array = [for (tier, i) in tiers: storageAccount[i].outputs.id] - -