Merge branch 'Azure:main' into main
Menghua1 authored Nov 22, 2024
2 parents 09a0caa + b7ee1d6 commit b462fa9
Showing 27 changed files with 893 additions and 554 deletions.
113 changes: 113 additions & 0 deletions avm/res/cache/redis/README.md
Expand Up @@ -19,6 +19,8 @@ This module deploys a Redis Cache.
| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
| `Microsoft.Cache/redis` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/redis) |
| `Microsoft.Cache/redis/accessPolicies` | [2024-04-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/redis/accessPolicies) |
| `Microsoft.Cache/redis/accessPolicyAssignments` | [2024-04-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/redis/accessPolicyAssignments) |
| `Microsoft.Cache/redis/linkedServers` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cache/redis/linkedServers) |
| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
| `Microsoft.Network/privateEndpoints` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/privateEndpoints) |
Expand Down Expand Up @@ -118,6 +120,19 @@ module redis 'br/public:avm/res/cache/redis:<version>' = {
// Required parameters
name: 'crentrid001'
// Non-required parameters
accessPolicies: [
{
name: 'Prefixed Contributor'
permissions: '+@read +set ~Az*'
}
]
accessPolicyAssignments: [
{
accessPolicyName: 'Data Contributor'
objectId: '<objectId>'
objectIdAlias: '<objectIdAlias>'
}
]
location: '<location>'
redisConfiguration: {
'aad-enabled': 'true'
Expand All @@ -143,6 +158,23 @@ module redis 'br/public:avm/res/cache/redis:<version>' = {
"value": "crentrid001"
},
// Non-required parameters
"accessPolicies": {
"value": [
{
"name": "Prefixed Contributor",
"permissions": "+@read +set ~Az*"
}
]
},
"accessPolicyAssignments": {
"value": [
{
"accessPolicyName": "Data Contributor",
"objectId": "<objectId>",
"objectIdAlias": "<objectIdAlias>"
}
]
},
"location": {
"value": "<location>"
},
Expand All @@ -168,6 +200,19 @@ using 'br/public:avm/res/cache/redis:<version>'
// Required parameters
param name = 'crentrid001'
// Non-required parameters
param accessPolicies = [
{
name: 'Prefixed Contributor'
permissions: '+@read +set ~Az*'
}
]
param accessPolicyAssignments = [
{
accessPolicyName: 'Data Contributor'
objectId: '<objectId>'
objectIdAlias: '<objectIdAlias>'
}
]
param location = '<location>'
param redisConfiguration = {
'aad-enabled': 'true'
Expand Down Expand Up @@ -992,6 +1037,8 @@ param zones = [

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`accessPolicies`](#parameter-accesspolicies) | array | Array of access policies to create. |
| [`accessPolicyAssignments`](#parameter-accesspolicyassignments) | array | Array of access policy assignments. |
| [`capacity`](#parameter-capacity) | int | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). |
| [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
| [`disableAccessKeyAuthentication`](#parameter-disableaccesskeyauthentication) | bool | Disable authentication via access keys. |
Expand Down Expand Up @@ -1025,6 +1072,72 @@ The name of the Redis cache resource.
- Required: Yes
- Type: string

### Parameter: `accessPolicies`

Array of access policies to create.

- Required: No
- Type: array
- Default: `[]`

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`name`](#parameter-accesspoliciesname) | string | Name of the access policy. |
| [`permissions`](#parameter-accesspoliciespermissions) | string | Permissions associated with the access policy. |

### Parameter: `accessPolicies.name`

Name of the access policy.

- Required: Yes
- Type: string

### Parameter: `accessPolicies.permissions`

Permissions associated with the access policy.

- Required: Yes
- Type: string

### Parameter: `accessPolicyAssignments`

Array of access policy assignments.

- Required: No
- Type: array
- Default: `[]`

**Required parameters**

| Parameter | Type | Description |
| :-- | :-- | :-- |
| [`accessPolicyName`](#parameter-accesspolicyassignmentsaccesspolicyname) | string | Name of the access policy to be assigned. |
| [`objectId`](#parameter-accesspolicyassignmentsobjectid) | string | Object id to which the access policy will be assigned. |
| [`objectIdAlias`](#parameter-accesspolicyassignmentsobjectidalias) | string | Alias for the target object id. |

### Parameter: `accessPolicyAssignments.accessPolicyName`

Name of the access policy to be assigned.

- Required: Yes
- Type: string

### Parameter: `accessPolicyAssignments.objectId`

Object id to which the access policy will be assigned.

- Required: Yes
- Type: string

### Parameter: `accessPolicyAssignments.objectIdAlias`

Alias for the target object id.

- Required: Yes
- Type: string

### Parameter: `capacity`

The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4).
47 changes: 47 additions & 0 deletions avm/res/cache/redis/main.bicep
Expand Up @@ -111,6 +111,12 @@ param diagnosticSettings diagnosticSettingType
@description('Optional. Enable/Disable usage telemetry for module.')
param enableTelemetry bool = true

@description('Optional. Array of access policies to create.')
param accessPolicies accessPolicyType[] = []

@description('Optional. Array of access policy assignments.')
param accessPolicyAssignments accessPolicyAssignmentType[] = []

var availabilityZones = skuName == 'Premium'
? zoneRedundant ? !empty(zones) ? zones : pickZones('Microsoft.Cache', 'redis', location, 3) : []
: []
Expand Down Expand Up @@ -207,6 +213,31 @@ resource redis 'Microsoft.Cache/redis@2024-03-01' = {
zones: availabilityZones
}

resource redis_accessPolicies 'Microsoft.Cache/redis/accessPolicies@2024-04-01-preview' = [
for policy in accessPolicies: {
name: policy.name
parent: redis
properties: {
permissions: policy.permissions
}
}
]

resource redis_accessPolicyAssignments 'Microsoft.Cache/redis/accessPolicyAssignments@2024-04-01-preview' = [
for assignment in accessPolicyAssignments: {
name: assignment.objectId
parent: redis
properties: {
objectId: assignment.objectId
objectIdAlias: assignment.objectIdAlias
accessPolicyName: assignment.accessPolicyName
}
dependsOn: [
redis_accessPolicies
]
}
]

resource redis_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
name: lock.?name ?? 'lock-${name}'
properties: {
Expand Down Expand Up @@ -537,3 +568,19 @@ type diagnosticSettingType = {
@description('Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs.')
marketplacePartnerResourceId: string?
}[]?

type accessPolicyType = {
@description('Required. Name of the access policy.')
name: string
@description('Required. Permissions associated with the access policy.')
permissions: string
}

type accessPolicyAssignmentType = {
@description('Required. Object id to which the access policy will be assigned.')
objectId: string
@description('Required. Alias for the target object id.')
objectIdAlias: string
@description('Required. Name of the access policy to be assigned.')
accessPolicyName: string
}
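Review bot: In `accessPolicyType` (last hunk of this file), `permissions` is a free-form string that the `redis_accessPolicies` loop forwards unchanged, and its description does not say what format is expected or how broad a value may be. Going by the README example (`+@read +set ~Az*`) this looks like a Redis ACL-style string of command categories, commands and key patterns, so a loose pattern grants correspondingly wide data-plane access; the description should say so, e.g. `@description('Required. Permissions for the access policy as a Redis ACL string (command categories, commands and key patterns), e.g. "+@read ~Az*". Grant only what the principal needs.')`. Separately, `redis_accessPolicyAssignments` sets `name: assignment.objectId`, so two entries for the same principal would presumably resolve to the same resource name; a comment on `accessPolicyAssignments` stating that each object id may appear only once would make that constraint visible. Since these policies presumably only constrain Entra-authenticated clients, the parameter description could also point readers to the module's existing `disableAccessKeyAuthentication` parameter.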
101 changes: 97 additions & 4 deletions avm/res/cache/redis/main.json
Expand Up @@ -5,8 +5,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "4783503622444970338"
"version": "0.31.92.45157",
"templateHash": "13329670122964938480"
},
"name": "Redis Cache",
"description": "This module deploys a Redis Cache.",
Expand Down Expand Up @@ -473,6 +473,46 @@
}
},
"nullable": true
},
"accessPolicyType": {
"type": "object",
"properties": {
"name": {
"type": "string",
"metadata": {
"description": "Required. Name of the access policy."
}
},
"permissions": {
"type": "string",
"metadata": {
"description": "Required. Permissions associated with the access policy."
}
}
}
},
"accessPolicyAssignmentType": {
"type": "object",
"properties": {
"objectId": {
"type": "string",
"metadata": {
"description": "Required. Object id to which the access policy will be assigned."
}
},
"objectIdAlias": {
"type": "string",
"metadata": {
"description": "Required. Alias for the target object id."
}
},
"accessPolicyName": {
"type": "string",
"metadata": {
"description": "Required. Name of the access policy to be assigned."
}
}
}
}
},
"parameters": {
Expand Down Expand Up @@ -689,6 +729,26 @@
"metadata": {
"description": "Optional. Enable/Disable usage telemetry for module."
}
},
"accessPolicies": {
"type": "array",
"items": {
"$ref": "#/definitions/accessPolicyType"
},
"defaultValue": [],
"metadata": {
"description": "Optional. Array of access policies to create."
}
},
"accessPolicyAssignments": {
"type": "array",
"items": {
"$ref": "#/definitions/accessPolicyAssignmentType"
},
"defaultValue": [],
"metadata": {
"description": "Optional. Array of access policy assignments."
}
}
},
"variables": {
Expand Down Expand Up @@ -760,6 +820,39 @@
},
"zones": "[variables('availabilityZones')]"
},
"redis_accessPolicies": {
"copy": {
"name": "redis_accessPolicies",
"count": "[length(parameters('accessPolicies'))]"
},
"type": "Microsoft.Cache/redis/accessPolicies",
"apiVersion": "2024-04-01-preview",
"name": "[format('{0}/{1}', parameters('name'), parameters('accessPolicies')[copyIndex()].name)]",
"properties": {
"permissions": "[parameters('accessPolicies')[copyIndex()].permissions]"
},
"dependsOn": [
"redis"
]
},
"redis_accessPolicyAssignments": {
"copy": {
"name": "redis_accessPolicyAssignments",
"count": "[length(parameters('accessPolicyAssignments'))]"
},
"type": "Microsoft.Cache/redis/accessPolicyAssignments",
"apiVersion": "2024-04-01-preview",
"name": "[format('{0}/{1}', parameters('name'), parameters('accessPolicyAssignments')[copyIndex()].objectId)]",
"properties": {
"objectId": "[parameters('accessPolicyAssignments')[copyIndex()].objectId]",
"objectIdAlias": "[parameters('accessPolicyAssignments')[copyIndex()].objectIdAlias]",
"accessPolicyName": "[parameters('accessPolicyAssignments')[copyIndex()].accessPolicyName]"
},
"dependsOn": [
"redis",
"redis_accessPolicies"
]
},
"redis_lock": {
"condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
"type": "Microsoft.Authorization/locks",
Expand Down Expand Up @@ -1634,8 +1727,8 @@
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.30.23.60470",
"templateHash": "10405637679168200939"
"version": "0.31.92.45157",
"templateHash": "4764248912015671674"
},
"name": "Redis Cache Linked Servers",
"description": "This module connects a primary and secondary Redis Cache together for geo-replication.",
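--- a/avm/res/cache/redis/tests/e2e/entra-id/dependencies.bicep
+++ b/avm/res/cache/redis/tests/e2e/entra-id/dependencies.bicep
@@ -0,0 +1,19 @@
+@description('Optional. The location to deploy resources to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Managed Identity to be created.')
+param managedIdentityName string
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-07-31-preview' = {
+name: managedIdentityName
+location: location
+}
+
+@description('The resource ID of the created Managed Identity.')
+output managedIdentityResourceId string = managedIdentity.id
+@description('The client ID of the created Managed Identity.')
+output managedIdentityClientId string = managedIdentity.properties.clientId
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
+@description('The name of the created Managed Identity.')
+output managedIdentityName string = managedIdentity.name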
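Review bot: The `managedIdentity` resource is pinned to the preview API version `2023-07-31-preview`, although nothing in this file uses a preview-only property (only `name` and `location` are set). A GA version such as `Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31` would keep the test fixture from depending on a preview surface that can change or be retired. Of the four outputs, an access policy assignment presumably needs only `managedIdentityPrincipalId`; if the test file does not consume the others, they can be dropped.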