fix: WebApp - Updated to latest PE schema (Azure#1794)

## Description - Updated to latest PE schema - Addressed warnings Fixes Azure#1793 ## Pipeline Reference  | Pipeline | | -------- | | [![avm.res.web.site](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.site.yml/badge.svg?branch=users%2Falsehr%2F1793_PEUpdate&event=workflow_dispatch)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.web.site.yml) | ## Type of Change  - [ ] Update to CI Environment or utlities (Non-module effecting changes) - [ ] Azure Verified Module updates: - [x] Bugfix containing backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation
elanzel · May 3, 2024 · 697ea31 · 697ea31
1 parent 2e753f7
commit 697ea31
Show file tree

Hide file tree

Showing 16 changed files with 178 additions and 85 deletions.
diff --git a/avm/res/web/site/README.md b/avm/res/web/site/README.md
@@ -2125,6 +2125,8 @@ Configuration details for private endpoints. For security reasons, it is recomme
 | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. |
 | [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. |
 | [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. |
+| [`privateLinkServiceConnectionName`](#parameter-privateendpointsprivatelinkserviceconnectionname) | string | The name of the private link connection to create. |
+| [`resourceGroupName`](#parameter-privateendpointsresourcegroupname) | string | Specify if you want to deploy the Private Endpoint into a different resource group than the main resource. |
 | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. |
 | [`service`](#parameter-privateendpointsservice) | string | The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory". |
 | [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. |
@@ -2320,6 +2322,20 @@ The private DNS zone groups to associate the private endpoint with. A DNS zone g
 - Required: No
 - Type: array
 
+### Parameter: `privateEndpoints.privateLinkServiceConnectionName`
+
+The name of the private link connection to create.
+
+- Required: No
+- Type: string
+
+### Parameter: `privateEndpoints.resourceGroupName`
+
+Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.
+
+- Required: No
+- Type: string
+
 ### Parameter: `privateEndpoints.roleAssignments`
 
 Array of role assignments to create.
@@ -2654,7 +2670,7 @@ This section gives you an overview of all local-referenced module files (i.e., o
 
 | Reference | Type |
 | :-- | :-- |
-| `br/public:avm/res/network/private-endpoint:0.4.0` | Remote reference |
+| `br/public:avm/res/network/private-endpoint:0.4.1` | Remote reference |
 
 ## Notes
 

diff --git a/avm/res/web/site/basic-publishing-credentials-policy/main.bicep b/avm/res/web/site/basic-publishing-credentials-policy/main.bicep
@@ -2,17 +2,17 @@ metadata name = 'Web Site Basic Publishing Credentials Policies'
 metadata description = 'This module deploys a Web Site Basic Publishing Credentials Policy.'
 metadata owner = 'Azure/module-maintainers'
 
-@sys.description('Required. The name of the resource.')
+@description('Required. The name of the resource.')
 @allowed([
   'scm'
   'ftp'
 ])
 param name string
 
-@sys.description('Optional. Set to true to enable or false to disable a publishing method.')
+@description('Optional. Set to true to enable or false to disable a publishing method.')
 param allow bool = true
 
-@sys.description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.')
+@description('Conditional. The name of the parent web site. Required if the template is used in a standalone deployment.')
 param webAppName string
 
 @description('Optional. Location for all Resources.')
@@ -23,6 +23,7 @@ resource webApp 'Microsoft.Web/sites@2022-09-01' existing = {
 }
 
 resource basicPublishingCredentialsPolicy 'Microsoft.Web/sites/basicPublishingCredentialsPolicies@2022-09-01' = {
+  #disable-next-line BCP225 // False-positive. Value is required.
   name: name
   location: location
   parent: webApp
@@ -31,14 +32,14 @@ resource basicPublishingCredentialsPolicy 'Microsoft.Web/sites/basicPublishingCr
   }
 }
 
-@sys.description('The name of the basic publishing credential policy.')
+@description('The name of the basic publishing credential policy.')
 output name string = basicPublishingCredentialsPolicy.name
 
-@sys.description('The resource ID of the basic publishing credential policy.')
+@description('The resource ID of the basic publishing credential policy.')
 output resourceId string = basicPublishingCredentialsPolicy.id
 
-@sys.description('The name of the resource group the basic publishing credential policy was deployed into.')
+@description('The name of the resource group the basic publishing credential policy was deployed into.')
 output resourceGroupName string = resourceGroup().name
 
-@sys.description('The location the resource was deployed into.')
+@description('The location the resource was deployed into.')
 output location string = basicPublishingCredentialsPolicy.location
diff --git a/avm/res/web/site/basic-publishing-credentials-policy/main.json b/avm/res/web/site/basic-publishing-credentials-policy/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.54.24096",
-      "templateHash": "12379291046700283915"
+      "version": "0.26.170.59819",
+      "templateHash": "1590652329081458395"
     },
     "name": "Web Site Basic Publishing Credentials Policies",
     "description": "This module deploys a Web Site Basic Publishing Credentials Policy.",

diff --git a/avm/res/web/site/config--appsettings/main.json b/avm/res/web/site/config--appsettings/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.54.24096",
-      "templateHash": "18064037455551234601"
+      "version": "0.26.170.59819",
+      "templateHash": "12051629915105082529"
     },
     "name": "Site App Settings",
     "description": "This module deploys a Site App Setting.",

diff --git a/avm/res/web/site/config--authsettingsv2/main.json b/avm/res/web/site/config--authsettingsv2/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.54.24096",
-      "templateHash": "9660352953607316036"
+      "version": "0.26.170.59819",
+      "templateHash": "14303407385986258247"
     },
     "name": "Site Auth Settings V2 Config",
     "description": "This module deploys a Site Auth Settings V2 Configuration.",

diff --git a/avm/res/web/site/hybrid-connection-namespace/relay/main.json b/avm/res/web/site/hybrid-connection-namespace/relay/main.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.26.54.24096",
-      "templateHash": "12607693486765150465"
+      "version": "0.26.170.59819",
+      "templateHash": "15287918657229788223"
     },
     "name": "Web/Function Apps Hybrid Connection Relay",
     "description": "This module deploys a Site Hybrid Connection Namespace Relay.",

diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep
@@ -168,7 +168,7 @@ var formattedUserAssignedIdentities = reduce(
 var identity = !empty(managedIdentities)
   ? {
       type: (managedIdentities.?systemAssigned ?? false)
-        ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned,UserAssigned' : 'SystemAssigned')
+        ? (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'SystemAssigned, UserAssigned' : 'SystemAssigned')
         : (!empty(managedIdentities.?userAssignedResourceIds ?? {}) ? 'UserAssigned' : 'None')
       userAssignedIdentities: !empty(formattedUserAssignedIdentities) ? formattedUserAssignedIdentities : null
     }
@@ -418,12 +418,13 @@ resource app_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01
   }
 ]
 
-module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' = [
+module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.1' = [
   for (privateEndpoint, index) in (privateEndpoints ?? []): {
-    name: '${uniqueString(deployment().name, location)}-App-PrivateEndpoint-${index}'
+    name: '${uniqueString(deployment().name, location)}-app-PrivateEndpoint-${index}'
+    scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '')
     params: {
       name: privateEndpoint.?name ?? 'pep-${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}'
-      privateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections != true
+      privateLinkServiceConnections: privateEndpoint.?isManualConnection != true
         ? [
             {
               name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}'
@@ -436,7 +437,7 @@ module app_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.4.0' =
             }
           ]
         : null
-      manualPrivateLinkServiceConnections: privateEndpoint.?manualPrivateLinkServiceConnections == true
+      manualPrivateLinkServiceConnections: privateEndpoint.?isManualConnection == true
         ? [
             {
               name: privateEndpoint.?privateLinkServiceConnectionName ?? '${last(split(app.id, '/'))}-${privateEndpoint.?service ?? 'sites'}-${index}'
@@ -549,6 +550,9 @@ type privateEndpointType = {
   @description('Optional. The location to deploy the private endpoint to.')
   location: string?
 
+  @description('Optional. The name of the private link connection to create.')
+  privateLinkServiceConnectionName: string?
+
   @description('Optional. The subresource to deploy the private endpoint for. For example "vault", "mysqlServer" or "dataFactory".')
   service: string?
 
@@ -612,6 +616,9 @@ type privateEndpointType = {
 
   @description('Optional. Enable/Disable usage telemetry for module.')
   enableTelemetry: bool?
+
+  @description('Optional. Specify if you want to deploy the Private Endpoint into a different resource group than the main resource.')
+  resourceGroupName: string?
 }[]?
 
 type diagnosticSettingType = {