From 72199cdb21fc9f54f1276606b70de2be3090a1bf Mon Sep 17 00:00:00 2001 From: Anders Eide Date: Thu, 14 Nov 2024 15:24:57 +0100 Subject: [PATCH] feat: Added types to `avm/res/cdn/profile` module (#3728) ## Description ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.cdn.profile](https://github.com/anderseide/avm-bicep-registry-modules/actions/workflows/avm.res.cdn.profile.yml/badge.svg?branch=types-avm-res-cdn-profile)](https://github.com/anderseide/avm-bicep-registry-modules/actions/workflows/avm.res.cdn.profile.yml) | ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [X] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [X] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [X] Update to documentation ## Checklist - [X] I'm sure there are no other open Pull Requests for the same update/change - [X] I have run `Set-AVMModule` locally to generate the supporting module files. - [X] My corresponding pipelines / checks run clean and green without any errors or warnings --- avm/res/cdn/profile/README.md | 681 +++++++ avm/res/cdn/profile/afdEndpoint/README.md | 199 ++ avm/res/cdn/profile/afdEndpoint/main.bicep | 26 +- avm/res/cdn/profile/afdEndpoint/main.json | 430 ++++- .../cdn/profile/afdEndpoint/route/main.bicep | 63 + .../cdn/profile/afdEndpoint/route/main.json | 191 +- avm/res/cdn/profile/customdomain/README.md | 1 + avm/res/cdn/profile/customdomain/main.bicep | 38 +- avm/res/cdn/profile/customdomain/main.json | 97 +- avm/res/cdn/profile/endpoint/main.json | 26 +- avm/res/cdn/profile/endpoint/origin/main.json | 14 +- avm/res/cdn/profile/main.bicep | 18 +- avm/res/cdn/profile/main.json | 1719 ++++++++++++++++- avm/res/cdn/profile/origingroup/main.bicep | 53 + avm/res/cdn/profile/origingroup/main.json | 315 ++- .../cdn/profile/origingroup/origin/main.bicep | 37 + .../cdn/profile/origingroup/origin/main.json | 96 +- avm/res/cdn/profile/ruleset/main.bicep | 13 +- avm/res/cdn/profile/ruleset/main.json | 146 +- avm/res/cdn/profile/ruleset/rule/main.bicep | 18 + avm/res/cdn/profile/ruleset/rule/main.json | 61 +- avm/res/cdn/profile/secret/main.json | 4 +- .../cdn/profile/securityPolicies/main.json | 9 +- avm/res/cdn/profile/version.json | 4 +- 24 files changed, 4002 insertions(+), 257 deletions(-) diff --git a/avm/res/cdn/profile/README.md b/avm/res/cdn/profile/README.md index cdbbe70b4d..1a43a43d99 100644 --- a/avm/res/cdn/profile/README.md +++ b/avm/res/cdn/profile/README.md @@ -1211,6 +1211,250 @@ Array of origin group objects. Required if the afdEndpoints is specified. - Type: array - Default: `[]` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`loadBalancingSettings`](#parameter-origingroupsloadbalancingsettings) | object | Load balancing settings for a backend pool. | +| [`name`](#parameter-origingroupsname) | string | The name of the origin group. | +| [`origins`](#parameter-origingroupsorigins) | array | The list of origins within the origin group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`healthProbeSettings`](#parameter-origingroupshealthprobesettings) | object | Health probe settings to the origin that is used to determine the health of the origin. | +| [`sessionAffinityState`](#parameter-origingroupssessionaffinitystate) | string | Whether to allow session affinity on this host. | +| [`trafficRestorationTimeToHealedOrNewEndpointsInMinutes`](#parameter-origingroupstrafficrestorationtimetohealedornewendpointsinminutes) | int | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. | + +### Parameter: `originGroups.loadBalancingSettings` + +Load balancing settings for a backend pool. + +- Required: Yes +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalLatencyInMilliseconds`](#parameter-origingroupsloadbalancingsettingsadditionallatencyinmilliseconds) | int | Additional latency in milliseconds for probes to the backend. Must be between 0 and 1000. | +| [`sampleSize`](#parameter-origingroupsloadbalancingsettingssamplesize) | int | Number of samples to consider for load balancing decisions. | +| [`successfulSamplesRequired`](#parameter-origingroupsloadbalancingsettingssuccessfulsamplesrequired) | int | Number of samples within the sample window that must be successful to mark the backend as healthy. | + +### Parameter: `originGroups.loadBalancingSettings.additionalLatencyInMilliseconds` + +Additional latency in milliseconds for probes to the backend. Must be between 0 and 1000. + +- Required: Yes +- Type: int + +### Parameter: `originGroups.loadBalancingSettings.sampleSize` + +Number of samples to consider for load balancing decisions. + +- Required: Yes +- Type: int + +### Parameter: `originGroups.loadBalancingSettings.successfulSamplesRequired` + +Number of samples within the sample window that must be successful to mark the backend as healthy. + +- Required: Yes +- Type: int + +### Parameter: `originGroups.name` + +The name of the origin group. + +- Required: Yes +- Type: string + +### Parameter: `originGroups.origins` + +The list of origins within the origin group. + +- Required: Yes +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hostName`](#parameter-origingroupsoriginshostname) | string | The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. | +| [`name`](#parameter-origingroupsoriginsname) | string | The name of the origion. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enabledState`](#parameter-origingroupsoriginsenabledstate) | string | Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. | +| [`enforceCertificateNameCheck`](#parameter-origingroupsoriginsenforcecertificatenamecheck) | bool | Whether to enable certificate name check at origin level. | +| [`httpPort`](#parameter-origingroupsoriginshttpport) | int | The value of the HTTP port. Must be between 1 and 65535. | +| [`httpsPort`](#parameter-origingroupsoriginshttpsport) | int | The value of the HTTPS port. Must be between 1 and 65535. | +| [`originHostHeader`](#parameter-origingroupsoriginsoriginhostheader) | string | The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. | +| [`priority`](#parameter-origingroupsoriginspriority) | int | Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. | +| [`sharedPrivateLinkResource`](#parameter-origingroupsoriginssharedprivatelinkresource) | object | The properties of the private link resource for private origin. | +| [`weight`](#parameter-origingroupsoriginsweight) | int | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. | + +### Parameter: `originGroups.origins.hostName` + +The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. + +- Required: Yes +- Type: string + +### Parameter: `originGroups.origins.name` + +The name of the origion. + +- Required: Yes +- Type: string + +### Parameter: `originGroups.origins.enabledState` + +Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `originGroups.origins.enforceCertificateNameCheck` + +Whether to enable certificate name check at origin level. + +- Required: No +- Type: bool + +### Parameter: `originGroups.origins.httpPort` + +The value of the HTTP port. Must be between 1 and 65535. + +- Required: No +- Type: int + +### Parameter: `originGroups.origins.httpsPort` + +The value of the HTTPS port. Must be between 1 and 65535. + +- Required: No +- Type: int + +### Parameter: `originGroups.origins.originHostHeader` + +The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. + +- Required: No +- Type: string + +### Parameter: `originGroups.origins.priority` + +Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. + +- Required: No +- Type: int + +### Parameter: `originGroups.origins.sharedPrivateLinkResource` + +The properties of the private link resource for private origin. + +- Required: No +- Type: object + +### Parameter: `originGroups.origins.weight` + +Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. + +- Required: No +- Type: int + +### Parameter: `originGroups.healthProbeSettings` + +Health probe settings to the origin that is used to determine the health of the origin. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`probeIntervalInSeconds`](#parameter-origingroupshealthprobesettingsprobeintervalinseconds) | int | The number of seconds between health probes.Default is 240sec. | +| [`probePath`](#parameter-origingroupshealthprobesettingsprobepath) | string | The path relative to the origin that is used to determine the health of the origin. | +| [`probeProtocol`](#parameter-origingroupshealthprobesettingsprobeprotocol) | string | Protocol to use for health probe. | +| [`probeRequestType`](#parameter-origingroupshealthprobesettingsproberequesttype) | string | The request type to probe. | + +### Parameter: `originGroups.healthProbeSettings.probeIntervalInSeconds` + +The number of seconds between health probes.Default is 240sec. + +- Required: No +- Type: int + +### Parameter: `originGroups.healthProbeSettings.probePath` + +The path relative to the origin that is used to determine the health of the origin. + +- Required: No +- Type: string + +### Parameter: `originGroups.healthProbeSettings.probeProtocol` + +Protocol to use for health probe. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Http' + 'Https' + 'NotSet' + ] + ``` + +### Parameter: `originGroups.healthProbeSettings.probeRequestType` + +The request type to probe. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'GET' + 'HEAD' + 'NotSet' + ] + ``` + +### Parameter: `originGroups.sessionAffinityState` + +Whether to allow session affinity on this host. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `originGroups.trafficRestorationTimeToHealedOrNewEndpointsInMinutes` + +Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. + +- Required: No +- Type: int + ### Parameter: `afdEndpoints` Array of AFD endpoint objects. @@ -1219,6 +1463,271 @@ Array of AFD endpoint objects. - Type: array - Default: `[]` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-afdendpointsname) | string | The name of the AFD Endpoint. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoGeneratedDomainNameLabelScope`](#parameter-afdendpointsautogenerateddomainnamelabelscope) | string | The scope of the auto-generated domain name label. | +| [`enabledState`](#parameter-afdendpointsenabledstate) | string | The state of the AFD Endpoint. | +| [`routes`](#parameter-afdendpointsroutes) | array | The list of routes for this AFD Endpoint. | +| [`tags`](#parameter-afdendpointstags) | object | The tags for the AFD Endpoint. | + +### Parameter: `afdEndpoints.name` + +The name of the AFD Endpoint. + +- Required: Yes +- Type: string + +### Parameter: `afdEndpoints.autoGeneratedDomainNameLabelScope` + +The scope of the auto-generated domain name label. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'NoReuse' + 'ResourceGroupReuse' + 'SubscriptionReuse' + 'TenantReuse' + ] + ``` + +### Parameter: `afdEndpoints.enabledState` + +The state of the AFD Endpoint. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `afdEndpoints.routes` + +The list of routes for this AFD Endpoint. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-afdendpointsroutesname) | string | The name of the route. | +| [`originGroupName`](#parameter-afdendpointsroutesorigingroupname) | string | The name of the origin group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cacheConfiguration`](#parameter-afdendpointsroutescacheconfiguration) | object | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | +| [`customDomainNames`](#parameter-afdendpointsroutescustomdomainnames) | array | The names of the custom domains. | +| [`enabledState`](#parameter-afdendpointsroutesenabledstate) | string | Whether to enable use of this rule. | +| [`forwardingProtocol`](#parameter-afdendpointsroutesforwardingprotocol) | string | The protocol this rule will use when forwarding traffic to backends. | +| [`httpsRedirect`](#parameter-afdendpointsrouteshttpsredirect) | string | Whether to automatically redirect HTTP traffic to HTTPS traffic. | +| [`linkToDefaultDomain`](#parameter-afdendpointsrouteslinktodefaultdomain) | string | Whether this route will be linked to the default endpoint domain. | +| [`originPath`](#parameter-afdendpointsroutesoriginpath) | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | +| [`patternsToMatch`](#parameter-afdendpointsroutespatternstomatch) | array | The route patterns of the rule. | +| [`ruleSets`](#parameter-afdendpointsroutesrulesets) | array | The rule sets of the rule. | +| [`supportedProtocols`](#parameter-afdendpointsroutessupportedprotocols) | array | The supported protocols of the rule. | + +### Parameter: `afdEndpoints.routes.name` + +The name of the route. + +- Required: Yes +- Type: string + +### Parameter: `afdEndpoints.routes.originGroupName` + +The name of the origin group. + +- Required: Yes +- Type: string + +### Parameter: `afdEndpoints.routes.cacheConfiguration` + +The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. + +- Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`compressionSettings`](#parameter-afdendpointsroutescacheconfigurationcompressionsettings) | object | Compression settings. | +| [`queryParameters`](#parameter-afdendpointsroutescacheconfigurationqueryparameters) | string | Query parameters to include or exclude (comma separated). | +| [`queryStringCachingBehavior`](#parameter-afdendpointsroutescacheconfigurationquerystringcachingbehavior) | string | Defines how Frontdoor caches requests that include query strings. | + +### Parameter: `afdEndpoints.routes.cacheConfiguration.compressionSettings` + +Compression settings. + +- Required: Yes +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`contentTypesToCompress`](#parameter-afdendpointsroutescacheconfigurationcompressionsettingscontenttypestocompress) | array | List of content types on which compression applies. The value should be a valid MIME type. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`iscontentTypeToCompressAll`](#parameter-afdendpointsroutescacheconfigurationcompressionsettingsiscontenttypetocompressall) | bool | Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB. | + +### Parameter: `afdEndpoints.routes.cacheConfiguration.compressionSettings.contentTypesToCompress` + +List of content types on which compression applies. The value should be a valid MIME type. + +- Required: Yes +- Type: array + +### Parameter: `afdEndpoints.routes.cacheConfiguration.compressionSettings.iscontentTypeToCompressAll` + +Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB. + +- Required: No +- Type: bool + +### Parameter: `afdEndpoints.routes.cacheConfiguration.queryParameters` + +Query parameters to include or exclude (comma separated). + +- Required: Yes +- Type: string + +### Parameter: `afdEndpoints.routes.cacheConfiguration.queryStringCachingBehavior` + +Defines how Frontdoor caches requests that include query strings. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'IgnoreQueryString' + 'IgnoreSpecifiedQueryStrings' + 'IncludeSpecifiedQueryStrings' + 'UseQueryString' + ] + ``` + +### Parameter: `afdEndpoints.routes.customDomainNames` + +The names of the custom domains. + +- Required: No +- Type: array + +### Parameter: `afdEndpoints.routes.enabledState` + +Whether to enable use of this rule. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `afdEndpoints.routes.forwardingProtocol` + +The protocol this rule will use when forwarding traffic to backends. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'HttpOnly' + 'HttpsOnly' + 'MatchRequest' + ] + ``` + +### Parameter: `afdEndpoints.routes.httpsRedirect` + +Whether to automatically redirect HTTP traffic to HTTPS traffic. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `afdEndpoints.routes.linkToDefaultDomain` + +Whether this route will be linked to the default endpoint domain. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `afdEndpoints.routes.originPath` + +A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. + +- Required: No +- Type: string + +### Parameter: `afdEndpoints.routes.patternsToMatch` + +The route patterns of the rule. + +- Required: No +- Type: array + +### Parameter: `afdEndpoints.routes.ruleSets` + +The rule sets of the rule. + +- Required: No +- Type: array + +### Parameter: `afdEndpoints.routes.supportedProtocols` + +The supported protocols of the rule. + +- Required: No +- Type: array + +### Parameter: `afdEndpoints.tags` + +The tags for the AFD Endpoint. + +- Required: No +- Type: object + ### Parameter: `customDomains` Array of custom domain objects. @@ -1227,6 +1736,95 @@ Array of custom domain objects. - Type: array - Default: `[]` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificateType`](#parameter-customdomainscertificatetype) | string | The type of the certificate. | +| [`hostName`](#parameter-customdomainshostname) | string | The host name of the custom domain. | +| [`name`](#parameter-customdomainsname) | string | The name of the custom domain. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureDnsZoneResourceId`](#parameter-customdomainsazurednszoneresourceid) | string | The resource ID of the Azure DNS zone. | +| [`extendedProperties`](#parameter-customdomainsextendedproperties) | object | Extended properties. | +| [`minimumTlsVersion`](#parameter-customdomainsminimumtlsversion) | string | The minimum TLS version. | +| [`preValidatedCustomDomainResourceId`](#parameter-customdomainsprevalidatedcustomdomainresourceid) | string | The resource ID of the pre-validated custom domain. | +| [`secretName`](#parameter-customdomainssecretname) | string | The name of the secret. | + +### Parameter: `customDomains.certificateType` + +The type of the certificate. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'AzureFirstPartyManagedCertificate' + 'CustomerCertificate' + 'ManagedCertificate' + ] + ``` + +### Parameter: `customDomains.hostName` + +The host name of the custom domain. + +- Required: Yes +- Type: string + +### Parameter: `customDomains.name` + +The name of the custom domain. + +- Required: Yes +- Type: string + +### Parameter: `customDomains.azureDnsZoneResourceId` + +The resource ID of the Azure DNS zone. + +- Required: No +- Type: string + +### Parameter: `customDomains.extendedProperties` + +Extended properties. + +- Required: No +- Type: object + +### Parameter: `customDomains.minimumTlsVersion` + +The minimum TLS version. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'TLS10' + 'TLS12' + ] + ``` + +### Parameter: `customDomains.preValidatedCustomDomainResourceId` + +The resource ID of the pre-validated custom domain. + +- Required: No +- Type: string + +### Parameter: `customDomains.secretName` + +The name of the secret. + +- Required: No +- Type: string + ### Parameter: `enableTelemetry` Enable/Disable usage telemetry for module. @@ -1444,6 +2042,89 @@ Array of rule set objects. - Type: array - Default: `[]` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-rulesetsname) | string | Name of the rule set. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`rules`](#parameter-rulesetsrules) | array | Array of rules. | + +### Parameter: `ruleSets.name` + +Name of the rule set. + +- Required: Yes +- Type: string + +### Parameter: `ruleSets.rules` + +Array of rules. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-rulesetsrulesname) | string | The name of the rule. | +| [`order`](#parameter-rulesetsrulesorder) | int | The order in which the rules are applied for the endpoint. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-rulesetsrulesactions) | array | A list of actions that are executed when all the conditions of a rule are satisfied.. | +| [`conditions`](#parameter-rulesetsrulesconditions) | array | A list of conditions that must be matched for the actions to be executed. | +| [`matchProcessingBehavior`](#parameter-rulesetsrulesmatchprocessingbehavior) | string | If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. | + +### Parameter: `ruleSets.rules.name` + +The name of the rule. + +- Required: Yes +- Type: string + +### Parameter: `ruleSets.rules.order` + +The order in which the rules are applied for the endpoint. + +- Required: Yes +- Type: int + +### Parameter: `ruleSets.rules.actions` + +A list of actions that are executed when all the conditions of a rule are satisfied.. + +- Required: No +- Type: array + +### Parameter: `ruleSets.rules.conditions` + +A list of conditions that must be matched for the actions to be executed. + +- Required: No +- Type: array + +### Parameter: `ruleSets.rules.matchProcessingBehavior` + +If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Continue' + 'Stop' + ] + ``` + ### Parameter: `secrets` Array of secret objects. diff --git a/avm/res/cdn/profile/afdEndpoint/README.md b/avm/res/cdn/profile/afdEndpoint/README.md index 910c0df19c..49f50fa42a 100644 --- a/avm/res/cdn/profile/afdEndpoint/README.md +++ b/avm/res/cdn/profile/afdEndpoint/README.md @@ -100,6 +100,205 @@ The list of routes for this AFD Endpoint. - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-routesname) | string | The name of the route. | +| [`originGroupName`](#parameter-routesorigingroupname) | string | The name of the origin group. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cacheConfiguration`](#parameter-routescacheconfiguration) | object | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | +| [`customDomainNames`](#parameter-routescustomdomainnames) | array | The names of the custom domains. | +| [`enabledState`](#parameter-routesenabledstate) | string | Whether to enable use of this rule. | +| [`forwardingProtocol`](#parameter-routesforwardingprotocol) | string | The protocol this rule will use when forwarding traffic to backends. | +| [`httpsRedirect`](#parameter-routeshttpsredirect) | string | Whether to automatically redirect HTTP traffic to HTTPS traffic. | +| [`linkToDefaultDomain`](#parameter-routeslinktodefaultdomain) | string | Whether this route will be linked to the default endpoint domain. | +| [`originPath`](#parameter-routesoriginpath) | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | +| [`patternsToMatch`](#parameter-routespatternstomatch) | array | The route patterns of the rule. | +| [`ruleSets`](#parameter-routesrulesets) | array | The rule sets of the rule. | +| [`supportedProtocols`](#parameter-routessupportedprotocols) | array | The supported protocols of the rule. | + +### Parameter: `routes.name` + +The name of the route. + +- Required: Yes +- Type: string + +### Parameter: `routes.originGroupName` + +The name of the origin group. + +- Required: Yes +- Type: string + +### Parameter: `routes.cacheConfiguration` + +The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. + +- Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`compressionSettings`](#parameter-routescacheconfigurationcompressionsettings) | object | Compression settings. | +| [`queryParameters`](#parameter-routescacheconfigurationqueryparameters) | string | Query parameters to include or exclude (comma separated). | +| [`queryStringCachingBehavior`](#parameter-routescacheconfigurationquerystringcachingbehavior) | string | Defines how Frontdoor caches requests that include query strings. | + +### Parameter: `routes.cacheConfiguration.compressionSettings` + +Compression settings. + +- Required: Yes +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`contentTypesToCompress`](#parameter-routescacheconfigurationcompressionsettingscontenttypestocompress) | array | List of content types on which compression applies. The value should be a valid MIME type. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`iscontentTypeToCompressAll`](#parameter-routescacheconfigurationcompressionsettingsiscontenttypetocompressall) | bool | Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB. | + +### Parameter: `routes.cacheConfiguration.compressionSettings.contentTypesToCompress` + +List of content types on which compression applies. The value should be a valid MIME type. + +- Required: Yes +- Type: array + +### Parameter: `routes.cacheConfiguration.compressionSettings.iscontentTypeToCompressAll` + +Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB. + +- Required: No +- Type: bool + +### Parameter: `routes.cacheConfiguration.queryParameters` + +Query parameters to include or exclude (comma separated). + +- Required: Yes +- Type: string + +### Parameter: `routes.cacheConfiguration.queryStringCachingBehavior` + +Defines how Frontdoor caches requests that include query strings. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'IgnoreQueryString' + 'IgnoreSpecifiedQueryStrings' + 'IncludeSpecifiedQueryStrings' + 'UseQueryString' + ] + ``` + +### Parameter: `routes.customDomainNames` + +The names of the custom domains. + +- Required: No +- Type: array + +### Parameter: `routes.enabledState` + +Whether to enable use of this rule. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `routes.forwardingProtocol` + +The protocol this rule will use when forwarding traffic to backends. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'HttpOnly' + 'HttpsOnly' + 'MatchRequest' + ] + ``` + +### Parameter: `routes.httpsRedirect` + +Whether to automatically redirect HTTP traffic to HTTPS traffic. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `routes.linkToDefaultDomain` + +Whether this route will be linked to the default endpoint domain. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `routes.originPath` + +A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. + +- Required: No +- Type: string + +### Parameter: `routes.patternsToMatch` + +The route patterns of the rule. + +- Required: No +- Type: array + +### Parameter: `routes.ruleSets` + +The rule sets of the rule. + +- Required: No +- Type: array + +### Parameter: `routes.supportedProtocols` + +The supported protocols of the rule. + +- Required: No +- Type: array + ### Parameter: `tags` The tags of the AFD Endpoint. diff --git a/avm/res/cdn/profile/afdEndpoint/main.bicep b/avm/res/cdn/profile/afdEndpoint/main.bicep index a280fcf07f..84644ab9ff 100644 --- a/avm/res/cdn/profile/afdEndpoint/main.bicep +++ b/avm/res/cdn/profile/afdEndpoint/main.bicep @@ -31,7 +31,7 @@ param autoGeneratedDomainNameLabelScope string = 'TenantReuse' param enabledState string = 'Enabled' @description('Optional. The list of routes for this AFD Endpoint.') -param routes array? +param routes routeType[]? resource profile 'Microsoft.Cdn/profiles@2023-05-01' existing = { name: profileName @@ -84,3 +84,27 @@ output location string = afdEndpoint.location @description('The list of routes assigned to the AFD endpoint.') output routes array = routes ?? [] + +// =============== // +// Definitions // +// =============== // + +import { routeType } from './route/main.bicep' + +@export() +type afdEndpointType = { + @description('Required. The name of the AFD Endpoint.') + name: string + + @description('Optional. The list of routes for this AFD Endpoint.') + routes: routeType[]? + + @description('Optional. The tags for the AFD Endpoint.') + tags: object? + + @description('Optional. The scope of the auto-generated domain name label.') + autoGeneratedDomainNameLabelScope: 'NoReuse' | 'ResourceGroupReuse' | 'SubscriptionReuse' | 'TenantReuse' | null + + @description('Optional. The state of the AFD Endpoint.') + enabledState: 'Enabled' | 'Disabled' | null +} diff --git a/avm/res/cdn/profile/afdEndpoint/main.json b/avm/res/cdn/profile/afdEndpoint/main.json index 7cfef24e3f..866c19c60f 100644 --- a/avm/res/cdn/profile/afdEndpoint/main.json +++ b/avm/res/cdn/profile/afdEndpoint/main.json @@ -5,13 +5,237 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "792735746278824384" + "version": "0.31.34.60546", + "templateHash": "16899001110062450573" }, "name": "CDN Profiles AFD Endpoints", "description": "This module deploys a CDN Profile AFD Endpoint.", "owner": "Azure/module-maintainers" }, + "definitions": { + "afdEndpointType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the AFD Endpoint." + } + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/definitions/routeType" + }, + "nullable": true, + "metadata": { + "description": "Optional. The list of routes for this AFD Endpoint." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags for the AFD Endpoint." + } + }, + "autoGeneratedDomainNameLabelScope": { + "type": "string", + "allowedValues": [ + "NoReuse", + "ResourceGroupReuse", + "SubscriptionReuse", + "TenantReuse" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scope of the auto-generated domain name label." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. The state of the AFD Endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "_1.afdRoutecacheConfigurationType": { + "type": "object", + "properties": { + "compressionSettings": { + "type": "object", + "properties": { + "contentTypesToCompress": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of content types on which compression applies. The value should be a valid MIME type." + } + }, + "iscontentTypeToCompressAll": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB." + } + } + }, + "metadata": { + "description": "Required. Compression settings." + } + }, + "queryParameters": { + "type": "string", + "metadata": { + "description": "Required. Query parameters to include or exclude (comma separated)." + } + }, + "queryStringCachingBehavior": { + "type": "string", + "allowedValues": [ + "IgnoreQueryString", + "IgnoreSpecifiedQueryStrings", + "IncludeSpecifiedQueryStrings", + "UseQueryString" + ], + "metadata": { + "description": "Required. Defines how Frontdoor caches requests that include query strings." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "route/main.bicep" + } + } + }, + "routeType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the route." + } + }, + "cacheConfiguration": { + "$ref": "#/definitions/_1.afdRoutecacheConfigurationType", + "nullable": true, + "metadata": { + "description": "Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object." + } + }, + "customDomainNames": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The names of the custom domains." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable use of this rule." + } + }, + "forwardingProtocol": { + "type": "string", + "allowedValues": [ + "HttpOnly", + "HttpsOnly", + "MatchRequest" + ], + "nullable": true, + "metadata": { + "description": "Optional. The protocol this rule will use when forwarding traffic to backends." + } + }, + "httpsRedirect": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic." + } + }, + "linkToDefaultDomain": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether this route will be linked to the default endpoint domain." + } + }, + "originGroupName": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "originPath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath." + } + }, + "patternsToMatch": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The route patterns of the rule." + } + }, + "ruleSets": { + "type": "array", + "items": { + "type": "object" + }, + "nullable": true, + "metadata": { + "description": "Optional. The rule sets of the rule." + } + }, + "supportedProtocols": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The supported protocols of the rule." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "route/main.bicep" + } + } + } + }, "parameters": { "name": { "type": "string", @@ -65,6 +289,9 @@ }, "routes": { "type": "array", + "items": { + "$ref": "#/definitions/routeType" + }, "nullable": true, "metadata": { "description": "Optional. The list of routes for this AFD Endpoint." @@ -87,10 +314,7 @@ "properties": { "autoGeneratedDomainNameLabelScope": "[parameters('autoGeneratedDomainNameLabelScope')]", "enabledState": "[parameters('enabledState')]" - }, - "dependsOn": [ - "profile" - ] + } }, "afdEndpoint_routes": { "copy": { @@ -156,13 +380,175 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1034122698174669197" + "version": "0.31.34.60546", + "templateHash": "15873678240851060540" }, "name": "CDN Profiles AFD Endpoint Route", "description": "This module deploys a CDN Profile AFD Endpoint route.", "owner": "Azure/module-maintainers" }, + "definitions": { + "routeType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the route." + } + }, + "cacheConfiguration": { + "$ref": "#/definitions/afdRoutecacheConfigurationType", + "nullable": true, + "metadata": { + "description": "Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object." + } + }, + "customDomainNames": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The names of the custom domains." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable use of this rule." + } + }, + "forwardingProtocol": { + "type": "string", + "allowedValues": [ + "HttpOnly", + "HttpsOnly", + "MatchRequest" + ], + "nullable": true, + "metadata": { + "description": "Optional. The protocol this rule will use when forwarding traffic to backends." + } + }, + "httpsRedirect": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic." + } + }, + "linkToDefaultDomain": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether this route will be linked to the default endpoint domain." + } + }, + "originGroupName": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "originPath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath." + } + }, + "patternsToMatch": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The route patterns of the rule." + } + }, + "ruleSets": { + "type": "array", + "items": { + "type": "object" + }, + "nullable": true, + "metadata": { + "description": "Optional. The rule sets of the rule." + } + }, + "supportedProtocols": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The supported protocols of the rule." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "afdRoutecacheConfigurationType": { + "type": "object", + "properties": { + "compressionSettings": { + "type": "object", + "properties": { + "contentTypesToCompress": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of content types on which compression applies. The value should be a valid MIME type." + } + }, + "iscontentTypeToCompressAll": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB." + } + } + }, + "metadata": { + "description": "Required. Compression settings." + } + }, + "queryParameters": { + "type": "string", + "metadata": { + "description": "Required. Query parameters to include or exclude (comma separated)." + } + }, + "queryStringCachingBehavior": { + "type": "string", + "allowedValues": [ + "IgnoreQueryString", + "IgnoreSpecifiedQueryStrings", + "IncludeSpecifiedQueryStrings", + "UseQueryString" + ], + "metadata": { + "description": "Required. Defines how Frontdoor caches requests that include query strings." + } + } + } + } + }, "parameters": { "name": { "type": "string", @@ -288,10 +674,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/afdEndpoints", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]" }, "profile::customDomains": { "copy": { @@ -301,19 +684,13 @@ "existing": true, "type": "Microsoft.Cdn/profiles/customDomains", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]" }, "profile::originGroup": { "existing": true, "type": "Microsoft.Cdn/profiles/originGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]" }, "profile::ruleSet": { "copy": { @@ -323,10 +700,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]" }, "profile": { "existing": true, @@ -366,10 +740,7 @@ "originPath": "[parameters('originPath')]", "patternsToMatch": "[parameters('patternsToMatch')]", "supportedProtocols": "[parameters('supportedProtocols')]" - }, - "dependsOn": [ - "profile::afdEndpoint" - ] + } } }, "outputs": { @@ -398,8 +769,7 @@ } }, "dependsOn": [ - "afdEndpoint", - "profile" + "afdEndpoint" ] } }, diff --git a/avm/res/cdn/profile/afdEndpoint/route/main.bicep b/avm/res/cdn/profile/afdEndpoint/route/main.bicep index 36bfd40c15..265bd43405 100644 --- a/avm/res/cdn/profile/afdEndpoint/route/main.bicep +++ b/avm/res/cdn/profile/afdEndpoint/route/main.bicep @@ -122,3 +122,66 @@ output resourceId string = route.id @description('The name of the resource group the route was created in.') output resourceGroupName string = resourceGroup().name + +// =============== // +// Definitions // +// =============== // + +@export() +type routeType = { + @description('Required. The name of the route.') + name: string + + @description('Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object.') + cacheConfiguration: afdRoutecacheConfigurationType? + + @description('Optional. The names of the custom domains.') + customDomainNames: string[]? + + @description('Optional. Whether to enable use of this rule.') + enabledState: 'Enabled' | 'Disabled' | null + + @description('Optional. The protocol this rule will use when forwarding traffic to backends.') + forwardingProtocol: 'HttpOnly' | 'HttpsOnly' | 'MatchRequest' | null + + @description('Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic.') + httpsRedirect: 'Enabled' | 'Disabled' | null + + @description('Optional. Whether this route will be linked to the default endpoint domain.') + linkToDefaultDomain: 'Enabled' | 'Disabled' | null + + @description('Required. The name of the origin group.') + originGroupName: string + + @description('Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath.') + originPath: string? + + @description('Optional. The route patterns of the rule.') + patternsToMatch: array? + + @description('Optional. The rule sets of the rule.') + ruleSets: object[]? + + @description('Optional. The supported protocols of the rule.') + supportedProtocols: array? +} + +type afdRoutecacheConfigurationType = { + @description('Required. Compression settings.') + compressionSettings: { + @description('Required. List of content types on which compression applies. The value should be a valid MIME type.') + contentTypesToCompress: string[] + + @description('Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won\'t be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB.') + iscontentTypeToCompressAll: bool? + } + @description('Required. Query parameters to include or exclude (comma separated).') + queryParameters: string + + @description('Required. Defines how Frontdoor caches requests that include query strings.') + queryStringCachingBehavior: + | 'IgnoreQueryString' + | 'IgnoreSpecifiedQueryStrings' + | 'IncludeSpecifiedQueryStrings' + | 'UseQueryString' +} diff --git a/avm/res/cdn/profile/afdEndpoint/route/main.json b/avm/res/cdn/profile/afdEndpoint/route/main.json index 852e97f10c..eae2b5bfce 100644 --- a/avm/res/cdn/profile/afdEndpoint/route/main.json +++ b/avm/res/cdn/profile/afdEndpoint/route/main.json @@ -5,13 +5,175 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1034122698174669197" + "version": "0.31.34.60546", + "templateHash": "15873678240851060540" }, "name": "CDN Profiles AFD Endpoint Route", "description": "This module deploys a CDN Profile AFD Endpoint route.", "owner": "Azure/module-maintainers" }, + "definitions": { + "routeType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the route." + } + }, + "cacheConfiguration": { + "$ref": "#/definitions/afdRoutecacheConfigurationType", + "nullable": true, + "metadata": { + "description": "Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object." + } + }, + "customDomainNames": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The names of the custom domains." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable use of this rule." + } + }, + "forwardingProtocol": { + "type": "string", + "allowedValues": [ + "HttpOnly", + "HttpsOnly", + "MatchRequest" + ], + "nullable": true, + "metadata": { + "description": "Optional. The protocol this rule will use when forwarding traffic to backends." + } + }, + "httpsRedirect": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic." + } + }, + "linkToDefaultDomain": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether this route will be linked to the default endpoint domain." + } + }, + "originGroupName": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "originPath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath." + } + }, + "patternsToMatch": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The route patterns of the rule." + } + }, + "ruleSets": { + "type": "array", + "items": { + "type": "object" + }, + "nullable": true, + "metadata": { + "description": "Optional. The rule sets of the rule." + } + }, + "supportedProtocols": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The supported protocols of the rule." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "afdRoutecacheConfigurationType": { + "type": "object", + "properties": { + "compressionSettings": { + "type": "object", + "properties": { + "contentTypesToCompress": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of content types on which compression applies. The value should be a valid MIME type." + } + }, + "iscontentTypeToCompressAll": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB." + } + } + }, + "metadata": { + "description": "Required. Compression settings." + } + }, + "queryParameters": { + "type": "string", + "metadata": { + "description": "Required. Query parameters to include or exclude (comma separated)." + } + }, + "queryStringCachingBehavior": { + "type": "string", + "allowedValues": [ + "IgnoreQueryString", + "IgnoreSpecifiedQueryStrings", + "IncludeSpecifiedQueryStrings", + "UseQueryString" + ], + "metadata": { + "description": "Required. Defines how Frontdoor caches requests that include query strings." + } + } + } + } + }, "parameters": { "name": { "type": "string", @@ -137,10 +299,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/afdEndpoints", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]" }, "profile::customDomains": { "copy": { @@ -150,19 +309,13 @@ "existing": true, "type": "Microsoft.Cdn/profiles/customDomains", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]" }, "profile::originGroup": { "existing": true, "type": "Microsoft.Cdn/profiles/originGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]" }, "profile::ruleSet": { "copy": { @@ -172,10 +325,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]" }, "profile": { "existing": true, @@ -215,10 +365,7 @@ "originPath": "[parameters('originPath')]", "patternsToMatch": "[parameters('patternsToMatch')]", "supportedProtocols": "[parameters('supportedProtocols')]" - }, - "dependsOn": [ - "profile::afdEndpoint" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/customdomain/README.md b/avm/res/cdn/profile/customdomain/README.md index 39077a14be..37e9d735de 100644 --- a/avm/res/cdn/profile/customdomain/README.md +++ b/avm/res/cdn/profile/customdomain/README.md @@ -49,6 +49,7 @@ The type of the certificate used for secure delivery. - Allowed: ```Bicep [ + 'AzureFirstPartyManagedCertificate' 'CustomerCertificate' 'ManagedCertificate' ] diff --git a/avm/res/cdn/profile/customdomain/main.bicep b/avm/res/cdn/profile/customdomain/main.bicep index a0a4f4477f..efe67a0569 100644 --- a/avm/res/cdn/profile/customdomain/main.bicep +++ b/avm/res/cdn/profile/customdomain/main.bicep @@ -21,6 +21,7 @@ param extendedProperties object = {} param preValidatedCustomDomainResourceId string = '' @allowed([ + 'AzureFirstPartyManagedCertificate' 'CustomerCertificate' 'ManagedCertificate' ]) @@ -40,10 +41,9 @@ param secretName string = '' resource profile 'Microsoft.Cdn/profiles@2023-05-01' existing = { name: profileName - resource secrect 'secrets@2023-05-01' existing = - if (!empty(secretName)) { - name: secretName - } + resource secrect 'secrets@2023-05-01' existing = if (!empty(secretName)) { + name: secretName + } } resource customDomain 'Microsoft.Cdn/profiles/customDomains@2023-05-01' = { @@ -82,3 +82,33 @@ output resourceId string = customDomain.id @description('The name of the resource group the custom domain was created in.') output resourceGroupName string = resourceGroup().name + +// =============== // +// Definitions // +// =============== // +@export() +type customDomainType = { + @description('Required. The name of the custom domain.') + name: string + + @description('Required. The host name of the custom domain.') + hostName: string + + @description('Required. The type of the certificate.') + certificateType: 'AzureFirstPartyManagedCertificate' | 'CustomerCertificate' | 'ManagedCertificate' + + @description('Optional. The resource ID of the Azure DNS zone.') + azureDnsZoneResourceId: string? + + @description('Optional. The resource ID of the pre-validated custom domain.') + preValidatedCustomDomainResourceId: string? + + @description('Optional. The name of the secret.') + secretName: string? + + @description('Optional. The minimum TLS version.') + minimumTlsVersion: 'TLS10' | 'TLS12' | null + + @description('Optional. Extended properties.') + extendedProperties: object? +} diff --git a/avm/res/cdn/profile/customdomain/main.json b/avm/res/cdn/profile/customdomain/main.json index e45727e4ad..b88c221734 100644 --- a/avm/res/cdn/profile/customdomain/main.json +++ b/avm/res/cdn/profile/customdomain/main.json @@ -1,16 +1,89 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "16955838730426729961" + "version": "0.31.34.60546", + "templateHash": "10387694873442665915" }, "name": "CDN Profiles Custom Domains", "description": "This module deploys a CDN Profile Custom Domains.", "owner": "Azure/module-maintainers" }, + "definitions": { + "customDomainType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the custom domain." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The host name of the custom domain." + } + }, + "certificateType": { + "type": "string", + "allowedValues": [ + "AzureFirstPartyManagedCertificate", + "CustomerCertificate", + "ManagedCertificate" + ], + "metadata": { + "description": "Required. The type of the certificate." + } + }, + "azureDnsZoneResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the Azure DNS zone." + } + }, + "preValidatedCustomDomainResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the pre-validated custom domain." + } + }, + "secretName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the secret." + } + }, + "minimumTlsVersion": { + "type": "string", + "allowedValues": [ + "TLS10", + "TLS12" + ], + "nullable": true, + "metadata": { + "description": "Optional. The minimum TLS version." + } + }, + "extendedProperties": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Extended properties." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -54,6 +127,7 @@ "certificateType": { "type": "string", "allowedValues": [ + "AzureFirstPartyManagedCertificate", "CustomerCertificate", "ManagedCertificate" ], @@ -80,8 +154,21 @@ } } }, - "resources": [ - { + "resources": { + "profile::secrect": { + "condition": "[not(empty(parameters('secretName')))]", + "existing": true, + "type": "Microsoft.Cdn/profiles/secrets", + "apiVersion": "2023-05-01", + "name": "[format('{0}/{1}', parameters('profileName'), parameters('secretName'))]" + }, + "profile": { + "existing": true, + "type": "Microsoft.Cdn/profiles", + "apiVersion": "2023-05-01", + "name": "[parameters('profileName')]" + }, + "customDomain": { "type": "Microsoft.Cdn/profiles/customDomains", "apiVersion": "2023-05-01", "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]", @@ -97,7 +184,7 @@ } } } - ], + }, "outputs": { "name": { "type": "string", diff --git a/avm/res/cdn/profile/endpoint/main.json b/avm/res/cdn/profile/endpoint/main.json index 273dbe9fce..ca9c1a9478 100644 --- a/avm/res/cdn/profile/endpoint/main.json +++ b/avm/res/cdn/profile/endpoint/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "3460565146034921053" + "version": "0.31.34.60546", + "templateHash": "5709530270456479127" }, "name": "CDN Profiles Endpoints", "description": "This module deploys a CDN Profile Endpoint.", @@ -59,10 +59,7 @@ "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]", "location": "[parameters('location')]", "properties": "[parameters('properties')]", - "tags": "[parameters('tags')]", - "dependsOn": [ - "profile" - ] + "tags": "[parameters('tags')]" }, "endpoint_origins": { "copy": { @@ -125,8 +122,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4151069688274070352" + "version": "0.31.34.60546", + "templateHash": "12416203553821456162" }, "name": "CDN Profiles Endpoints Origins", "description": "This module deploys a CDN Profile Endpoint Origin.", @@ -233,19 +230,13 @@ "existing": true, "type": "Microsoft.Cdn/profiles/endpoints", "apiVersion": "2021-06-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('endpointName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('endpointName'))]" }, "origin": { "type": "Microsoft.Cdn/profiles/endpoints/origins", "apiVersion": "2021-06-01", "name": "[format('{0}/{1}/{2}', parameters('profileName'), parameters('endpointName'), parameters('name'))]", - "properties": "[union(createObject('hostName', parameters('hostName'), 'httpPort', parameters('httpPort'), 'enabled', parameters('enabled'), 'httpsPort', parameters('httpsPort')), if(or(greater(parameters('priority'), 0), greater(parameters('weight'), 0)), createObject('priority', parameters('priority'), 'weight', parameters('weight')), createObject()), if(and(not(empty(parameters('privateLinkAlias'))), not(empty(parameters('privateLinkLocation')))), createObject('privateLinkAlias', parameters('privateLinkAlias'), 'privateLinkLocation', parameters('privateLinkLocation')), createObject()), if(not(empty(parameters('privateLinkResourceId'))), createObject('privateLinkResourceId', parameters('privateLinkResourceId')), createObject()), if(not(empty(parameters('originHostHeader'))), createObject('originHostHeader', parameters('originHostHeader')), createObject()))]", - "dependsOn": [ - "endpoint" - ] + "properties": "[union(createObject('hostName', parameters('hostName'), 'httpPort', parameters('httpPort'), 'enabled', parameters('enabled'), 'httpsPort', parameters('httpsPort')), if(or(greater(parameters('priority'), 0), greater(parameters('weight'), 0)), createObject('priority', parameters('priority'), 'weight', parameters('weight')), createObject()), if(and(not(empty(parameters('privateLinkAlias'))), not(empty(parameters('privateLinkLocation')))), createObject('privateLinkAlias', parameters('privateLinkAlias'), 'privateLinkLocation', parameters('privateLinkLocation')), createObject()), if(not(empty(parameters('privateLinkResourceId'))), createObject('privateLinkResourceId', parameters('privateLinkResourceId')), createObject()), if(not(empty(parameters('originHostHeader'))), createObject('originHostHeader', parameters('originHostHeader')), createObject()))]" } }, "outputs": { @@ -281,8 +272,7 @@ } }, "dependsOn": [ - "endpoint", - "profile" + "endpoint" ] } }, diff --git a/avm/res/cdn/profile/endpoint/origin/main.json b/avm/res/cdn/profile/endpoint/origin/main.json index f4c079ff44..e71c4745c1 100644 --- a/avm/res/cdn/profile/endpoint/origin/main.json +++ b/avm/res/cdn/profile/endpoint/origin/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4151069688274070352" + "version": "0.31.34.60546", + "templateHash": "12416203553821456162" }, "name": "CDN Profiles Endpoints Origins", "description": "This module deploys a CDN Profile Endpoint Origin.", @@ -113,19 +113,13 @@ "existing": true, "type": "Microsoft.Cdn/profiles/endpoints", "apiVersion": "2021-06-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('endpointName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('endpointName'))]" }, "origin": { "type": "Microsoft.Cdn/profiles/endpoints/origins", "apiVersion": "2021-06-01", "name": "[format('{0}/{1}/{2}', parameters('profileName'), parameters('endpointName'), parameters('name'))]", - "properties": "[union(createObject('hostName', parameters('hostName'), 'httpPort', parameters('httpPort'), 'enabled', parameters('enabled'), 'httpsPort', parameters('httpsPort')), if(or(greater(parameters('priority'), 0), greater(parameters('weight'), 0)), createObject('priority', parameters('priority'), 'weight', parameters('weight')), createObject()), if(and(not(empty(parameters('privateLinkAlias'))), not(empty(parameters('privateLinkLocation')))), createObject('privateLinkAlias', parameters('privateLinkAlias'), 'privateLinkLocation', parameters('privateLinkLocation')), createObject()), if(not(empty(parameters('privateLinkResourceId'))), createObject('privateLinkResourceId', parameters('privateLinkResourceId')), createObject()), if(not(empty(parameters('originHostHeader'))), createObject('originHostHeader', parameters('originHostHeader')), createObject()))]", - "dependsOn": [ - "endpoint" - ] + "properties": "[union(createObject('hostName', parameters('hostName'), 'httpPort', parameters('httpPort'), 'enabled', parameters('enabled'), 'httpsPort', parameters('httpsPort')), if(or(greater(parameters('priority'), 0), greater(parameters('weight'), 0)), createObject('priority', parameters('priority'), 'weight', parameters('weight')), createObject()), if(and(not(empty(parameters('privateLinkAlias'))), not(empty(parameters('privateLinkLocation')))), createObject('privateLinkAlias', parameters('privateLinkAlias'), 'privateLinkLocation', parameters('privateLinkLocation')), createObject()), if(not(empty(parameters('privateLinkResourceId'))), createObject('privateLinkResourceId', parameters('privateLinkResourceId')), createObject()), if(not(empty(parameters('originHostHeader'))), createObject('originHostHeader', parameters('originHostHeader')), createObject()))]" } }, "outputs": { diff --git a/avm/res/cdn/profile/main.bicep b/avm/res/cdn/profile/main.bicep index 2c30c0c2e2..ae15d9234b 100644 --- a/avm/res/cdn/profile/main.bicep +++ b/avm/res/cdn/profile/main.bicep @@ -38,16 +38,16 @@ param endpointProperties object? param secrets array = [] @description('Optional. Array of custom domain objects.') -param customDomains array = [] +param customDomains customDomainType[] = [] @description('Conditional. Array of origin group objects. Required if the afdEndpoints is specified.') -param originGroups array = [] +param originGroups originGroupType[] = [] @description('Optional. Array of rule set objects.') -param ruleSets array = [] +param ruleSets ruleSetType[] = [] @description('Optional. Array of AFD endpoint objects.') -param afdEndpoints array = [] +param afdEndpoints afdEndpointType[] = [] @description('Optional. Array of Security Policy objects (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/securitypolicies for details).') param securityPolicies securityPolicyType = [] @@ -320,6 +320,14 @@ output systemAssignedMIPrincipalId string = profile.?identity.?principalId ?? '' // Definitions // // =============== // +import { afdEndpointType } from 'afdEndpoint/main.bicep' +import { customDomainType } from 'customdomain/main.bicep' +import { originGroupType } from 'origingroup/main.bicep' +import { originType } from 'origingroup//origin/main.bicep' +import { associationsType } from 'securityPolicies/main.bicep' +import { ruleSetType } from 'ruleset/main.bicep' +import { ruleType } from 'ruleset/rule/main.bicep' + type managedIdentitiesType = { @description('Optional. Enables system assigned managed identity on the resource.') systemAssigned: bool? @@ -328,7 +336,7 @@ type managedIdentitiesType = { userAssignedResourceIds: string[]? }? -import { associationsType } from 'securityPolicies/main.bicep' +@export() type securityPolicyType = { @description('Required. Name of the security policy.') name: string diff --git a/avm/res/cdn/profile/main.json b/avm/res/cdn/profile/main.json index ff95fa664e..1d5952c679 100644 --- a/avm/res/cdn/profile/main.json +++ b/avm/res/cdn/profile/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "17027452417371199673" + "version": "0.31.34.60546", + "templateHash": "10761375864597089825" }, "name": "CDN Profiles", "description": "This module deploys a CDN Profile.", @@ -60,6 +60,9 @@ } } } + }, + "metadata": { + "__bicep_export!": true } }, "lockType": { @@ -160,6 +163,388 @@ }, "nullable": true }, + "_1.afdRoutecacheConfigurationType": { + "type": "object", + "properties": { + "compressionSettings": { + "type": "object", + "properties": { + "contentTypesToCompress": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of content types on which compression applies. The value should be a valid MIME type." + } + }, + "iscontentTypeToCompressAll": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB." + } + } + }, + "metadata": { + "description": "Required. Compression settings." + } + }, + "queryParameters": { + "type": "string", + "metadata": { + "description": "Required. Query parameters to include or exclude (comma separated)." + } + }, + "queryStringCachingBehavior": { + "type": "string", + "allowedValues": [ + "IgnoreQueryString", + "IgnoreSpecifiedQueryStrings", + "IncludeSpecifiedQueryStrings", + "UseQueryString" + ], + "metadata": { + "description": "Required. Defines how Frontdoor caches requests that include query strings." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "afdEndpoint/route/main.bicep" + } + } + }, + "_1.routeType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the route." + } + }, + "cacheConfiguration": { + "$ref": "#/definitions/_1.afdRoutecacheConfigurationType", + "nullable": true, + "metadata": { + "description": "Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object." + } + }, + "customDomainNames": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The names of the custom domains." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable use of this rule." + } + }, + "forwardingProtocol": { + "type": "string", + "allowedValues": [ + "HttpOnly", + "HttpsOnly", + "MatchRequest" + ], + "nullable": true, + "metadata": { + "description": "Optional. The protocol this rule will use when forwarding traffic to backends." + } + }, + "httpsRedirect": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic." + } + }, + "linkToDefaultDomain": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether this route will be linked to the default endpoint domain." + } + }, + "originGroupName": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "originPath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath." + } + }, + "patternsToMatch": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The route patterns of the rule." + } + }, + "ruleSets": { + "type": "array", + "items": { + "type": "object" + }, + "nullable": true, + "metadata": { + "description": "Optional. The rule sets of the rule." + } + }, + "supportedProtocols": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The supported protocols of the rule." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "afdEndpoint/route/main.bicep" + } + } + }, + "_2.healthProbeSettingsType": { + "type": "object", + "properties": { + "probePath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The path relative to the origin that is used to determine the health of the origin." + } + }, + "probeProtocol": { + "type": "string", + "allowedValues": [ + "Http", + "Https", + "NotSet" + ], + "nullable": true, + "metadata": { + "description": "Optional. Protocol to use for health probe." + } + }, + "probeRequestType": { + "type": "string", + "allowedValues": [ + "GET", + "HEAD", + "NotSet" + ], + "nullable": true, + "metadata": { + "description": "Optional. The request type to probe." + } + }, + "probeIntervalInSeconds": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of seconds between health probes.Default is 240sec." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origingroup/main.bicep" + } + } + }, + "_2.loadBalancingSettingsType": { + "type": "object", + "properties": { + "additionalLatencyInMilliseconds": { + "type": "int", + "metadata": { + "description": "Required. Additional latency in milliseconds for probes to the backend. Must be between 0 and 1000." + } + }, + "sampleSize": { + "type": "int", + "metadata": { + "description": "Required. Number of samples to consider for load balancing decisions." + } + }, + "successfulSamplesRequired": { + "type": "int", + "metadata": { + "description": "Required. Number of samples within the sample window that must be successful to mark the backend as healthy." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origingroup/main.bicep" + } + } + }, + "_3.originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origingroup/origin/main.bicep" + } + } + }, + "afdEndpointType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the AFD Endpoint." + } + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/definitions/_1.routeType" + }, + "nullable": true, + "metadata": { + "description": "Optional. The list of routes for this AFD Endpoint." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags for the AFD Endpoint." + } + }, + "autoGeneratedDomainNameLabelScope": { + "type": "string", + "allowedValues": [ + "NoReuse", + "ResourceGroupReuse", + "SubscriptionReuse", + "TenantReuse" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scope of the auto-generated domain name label." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. The state of the AFD Endpoint." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "afdEndpoint/main.bicep" + } + } + }, "associationsType": { "type": "array", "items": { @@ -195,7 +580,290 @@ }, "metadata": { "__bicep_imported_from!": { - "sourceTemplate": "securityPolicies/main.bicep" + "sourceTemplate": "securityPolicies/main.bicep" + } + } + }, + "customDomainType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the custom domain." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The host name of the custom domain." + } + }, + "certificateType": { + "type": "string", + "allowedValues": [ + "AzureFirstPartyManagedCertificate", + "CustomerCertificate", + "ManagedCertificate" + ], + "metadata": { + "description": "Required. The type of the certificate." + } + }, + "azureDnsZoneResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the Azure DNS zone." + } + }, + "preValidatedCustomDomainResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the pre-validated custom domain." + } + }, + "secretName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the secret." + } + }, + "minimumTlsVersion": { + "type": "string", + "allowedValues": [ + "TLS10", + "TLS12" + ], + "nullable": true, + "metadata": { + "description": "Optional. The minimum TLS version." + } + }, + "extendedProperties": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Extended properties." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "customdomain/main.bicep" + } + } + }, + "originGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "loadBalancingSettings": { + "$ref": "#/definitions/_2.loadBalancingSettingsType", + "metadata": { + "description": "Required. Load balancing settings for a backend pool." + } + }, + "healthProbeSettings": { + "$ref": "#/definitions/_2.healthProbeSettingsType", + "nullable": true, + "metadata": { + "description": "Optional. Health probe settings to the origin that is used to determine the health of the origin." + } + }, + "sessionAffinityState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to allow session affinity on this host." + } + }, + "trafficRestorationTimeToHealedOrNewEndpointsInMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins." + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/_3.originType" + }, + "metadata": { + "description": "Required. The list of origins within the origin group." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origingroup/main.bicep" + } + } + }, + "originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origingroup//origin/main.bicep" + } + } + }, + "ruleSetType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the rule set." + } + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/ruleType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Array of rules." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "ruleset/main.bicep" + } + } + }, + "ruleType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule." + } + }, + "order": { + "type": "int", + "metadata": { + "description": "Required. The order in which the rules are applied for the endpoint." + } + }, + "actions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of actions that are executed when all the conditions of a rule are satisfied.." + } + }, + "conditions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of conditions that must be matched for the actions to be executed." + } + }, + "matchProcessingBehavior": { + "type": "string", + "allowedValues": [ + "Continue", + "Stop" + ], + "nullable": true, + "metadata": { + "description": "Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "ruleset/rule/main.bicep" } } } @@ -264,6 +932,9 @@ }, "customDomains": { "type": "array", + "items": { + "$ref": "#/definitions/customDomainType" + }, "defaultValue": [], "metadata": { "description": "Optional. Array of custom domain objects." @@ -271,6 +942,9 @@ }, "originGroups": { "type": "array", + "items": { + "$ref": "#/definitions/originGroupType" + }, "defaultValue": [], "metadata": { "description": "Conditional. Array of origin group objects. Required if the afdEndpoints is specified." @@ -278,6 +952,9 @@ }, "ruleSets": { "type": "array", + "items": { + "$ref": "#/definitions/ruleSetType" + }, "defaultValue": [], "metadata": { "description": "Optional. Array of rule set objects." @@ -285,6 +962,9 @@ }, "afdEndpoints": { "type": "array", + "items": { + "$ref": "#/definitions/afdEndpointType" + }, "defaultValue": [], "metadata": { "description": "Optional. Array of AFD endpoint objects." @@ -454,8 +1134,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "3460565146034921053" + "version": "0.31.34.60546", + "templateHash": "5709530270456479127" }, "name": "CDN Profiles Endpoints", "description": "This module deploys a CDN Profile Endpoint.", @@ -508,10 +1188,7 @@ "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]", "location": "[parameters('location')]", "properties": "[parameters('properties')]", - "tags": "[parameters('tags')]", - "dependsOn": [ - "profile" - ] + "tags": "[parameters('tags')]" }, "endpoint_origins": { "copy": { @@ -574,8 +1251,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4151069688274070352" + "version": "0.31.34.60546", + "templateHash": "12416203553821456162" }, "name": "CDN Profiles Endpoints Origins", "description": "This module deploys a CDN Profile Endpoint Origin.", @@ -682,19 +1359,13 @@ "existing": true, "type": "Microsoft.Cdn/profiles/endpoints", "apiVersion": "2021-06-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('endpointName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('endpointName'))]" }, "origin": { "type": "Microsoft.Cdn/profiles/endpoints/origins", "apiVersion": "2021-06-01", "name": "[format('{0}/{1}/{2}', parameters('profileName'), parameters('endpointName'), parameters('name'))]", - "properties": "[union(createObject('hostName', parameters('hostName'), 'httpPort', parameters('httpPort'), 'enabled', parameters('enabled'), 'httpsPort', parameters('httpsPort')), if(or(greater(parameters('priority'), 0), greater(parameters('weight'), 0)), createObject('priority', parameters('priority'), 'weight', parameters('weight')), createObject()), if(and(not(empty(parameters('privateLinkAlias'))), not(empty(parameters('privateLinkLocation')))), createObject('privateLinkAlias', parameters('privateLinkAlias'), 'privateLinkLocation', parameters('privateLinkLocation')), createObject()), if(not(empty(parameters('privateLinkResourceId'))), createObject('privateLinkResourceId', parameters('privateLinkResourceId')), createObject()), if(not(empty(parameters('originHostHeader'))), createObject('originHostHeader', parameters('originHostHeader')), createObject()))]", - "dependsOn": [ - "endpoint" - ] + "properties": "[union(createObject('hostName', parameters('hostName'), 'httpPort', parameters('httpPort'), 'enabled', parameters('enabled'), 'httpsPort', parameters('httpsPort')), if(or(greater(parameters('priority'), 0), greater(parameters('weight'), 0)), createObject('priority', parameters('priority'), 'weight', parameters('weight')), createObject()), if(and(not(empty(parameters('privateLinkAlias'))), not(empty(parameters('privateLinkLocation')))), createObject('privateLinkAlias', parameters('privateLinkAlias'), 'privateLinkLocation', parameters('privateLinkLocation')), createObject()), if(not(empty(parameters('privateLinkResourceId'))), createObject('privateLinkResourceId', parameters('privateLinkResourceId')), createObject()), if(not(empty(parameters('originHostHeader'))), createObject('originHostHeader', parameters('originHostHeader')), createObject()))]" } }, "outputs": { @@ -730,8 +1401,7 @@ } }, "dependsOn": [ - "endpoint", - "profile" + "endpoint" ] } }, @@ -827,8 +1497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "9127977884501208410" + "version": "0.31.34.60546", + "templateHash": "135211401759640973" }, "name": "CDN Profiles Secret", "description": "This module deploys a CDN Profile Secret.", @@ -972,17 +1642,90 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "16955838730426729961" + "version": "0.31.34.60546", + "templateHash": "10387694873442665915" }, "name": "CDN Profiles Custom Domains", "description": "This module deploys a CDN Profile Custom Domains.", "owner": "Azure/module-maintainers" }, + "definitions": { + "customDomainType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the custom domain." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The host name of the custom domain." + } + }, + "certificateType": { + "type": "string", + "allowedValues": [ + "AzureFirstPartyManagedCertificate", + "CustomerCertificate", + "ManagedCertificate" + ], + "metadata": { + "description": "Required. The type of the certificate." + } + }, + "azureDnsZoneResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the Azure DNS zone." + } + }, + "preValidatedCustomDomainResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The resource ID of the pre-validated custom domain." + } + }, + "secretName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the secret." + } + }, + "minimumTlsVersion": { + "type": "string", + "allowedValues": [ + "TLS10", + "TLS12" + ], + "nullable": true, + "metadata": { + "description": "Optional. The minimum TLS version." + } + }, + "extendedProperties": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. Extended properties." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -1026,6 +1769,7 @@ "certificateType": { "type": "string", "allowedValues": [ + "AzureFirstPartyManagedCertificate", "CustomerCertificate", "ManagedCertificate" ], @@ -1052,8 +1796,21 @@ } } }, - "resources": [ - { + "resources": { + "profile::secrect": { + "condition": "[not(empty(parameters('secretName')))]", + "existing": true, + "type": "Microsoft.Cdn/profiles/secrets", + "apiVersion": "2023-05-01", + "name": "[format('{0}/{1}', parameters('profileName'), parameters('secretName'))]" + }, + "profile": { + "existing": true, + "type": "Microsoft.Cdn/profiles", + "apiVersion": "2023-05-01", + "name": "[parameters('profileName')]" + }, + "customDomain": { "type": "Microsoft.Cdn/profiles/customDomains", "apiVersion": "2023-05-01", "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]", @@ -1069,7 +1826,7 @@ } } } - ], + }, "outputs": { "name": { "type": "string", @@ -1143,13 +1900,223 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "16948516107556143812" + "version": "0.31.34.60546", + "templateHash": "15886213526918072525" }, "name": "CDN Profiles Origin Group", "description": "This module deploys a CDN Profile Origin Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "originGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "loadBalancingSettings": { + "$ref": "#/definitions/loadBalancingSettingsType", + "metadata": { + "description": "Required. Load balancing settings for a backend pool." + } + }, + "healthProbeSettings": { + "$ref": "#/definitions/healthProbeSettingsType", + "nullable": true, + "metadata": { + "description": "Optional. Health probe settings to the origin that is used to determine the health of the origin." + } + }, + "sessionAffinityState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to allow session affinity on this host." + } + }, + "trafficRestorationTimeToHealedOrNewEndpointsInMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins." + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/originType" + }, + "metadata": { + "description": "Required. The list of origins within the origin group." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "loadBalancingSettingsType": { + "type": "object", + "properties": { + "additionalLatencyInMilliseconds": { + "type": "int", + "metadata": { + "description": "Required. Additional latency in milliseconds for probes to the backend. Must be between 0 and 1000." + } + }, + "sampleSize": { + "type": "int", + "metadata": { + "description": "Required. Number of samples to consider for load balancing decisions." + } + }, + "successfulSamplesRequired": { + "type": "int", + "metadata": { + "description": "Required. Number of samples within the sample window that must be successful to mark the backend as healthy." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "healthProbeSettingsType": { + "type": "object", + "properties": { + "probePath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The path relative to the origin that is used to determine the health of the origin." + } + }, + "probeProtocol": { + "type": "string", + "allowedValues": [ + "Http", + "Https", + "NotSet" + ], + "nullable": true, + "metadata": { + "description": "Optional. Protocol to use for health probe." + } + }, + "probeRequestType": { + "type": "string", + "allowedValues": [ + "GET", + "HEAD", + "NotSet" + ], + "nullable": true, + "metadata": { + "description": "Optional. The request type to probe." + } + }, + "probeIntervalInSeconds": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of seconds between health probes.Default is 240sec." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origin/main.bicep" + } + } + } + }, "parameters": { "name": { "type": "string", @@ -1217,10 +2184,7 @@ "loadBalancingSettings": "[parameters('loadBalancingSettings')]", "sessionAffinityState": "[parameters('sessionAffinityState')]", "trafficRestorationTimeToHealedOrNewEndpointsInMinutes": "[parameters('trafficRestorationTimeToHealedOrNewEndpointsInMinutes')]" - }, - "dependsOn": [ - "profile" - ] + } }, "originGroup_origins": { "copy": { @@ -1280,13 +2244,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4669077701065465911" + "version": "0.31.34.60546", + "templateHash": "3615112055594041997" }, "name": "CDN Profiles Origin", "description": "This module deploys a CDN Profile Origin.", "owner": "Azure/module-maintainers" }, + "definitions": { + "originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -1378,10 +2424,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/originGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]" }, "profile": { "existing": true, @@ -1403,10 +2446,7 @@ "priority": "[parameters('priority')]", "sharedPrivateLinkResource": "[parameters('sharedPrivateLinkResource')]", "weight": "[parameters('weight')]" - }, - "dependsOn": [ - "profile::originGroup" - ] + } } }, "outputs": { @@ -1506,12 +2546,85 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "11520922481694023973" + "version": "0.31.34.60546", + "templateHash": "4753233857701337613" + }, + "name": "CDN Profiles Rule Sets", + "description": "This module deploys a CDN Profile rule set.", + "owner": "Azure/module-maintainers" + }, + "definitions": { + "ruleSetType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the rule set." + } + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/ruleType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Array of rules." + } + } + }, + "metadata": { + "__bicep_export!": true + } }, - "name": "CDN Profiles Rule Sets", - "description": "This module deploys a CDN Profile rule set.", - "owner": "Azure/module-maintainers" + "ruleType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule." + } + }, + "order": { + "type": "int", + "metadata": { + "description": "Required. The order in which the rules are applied for the endpoint." + } + }, + "actions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of actions that are executed when all the conditions of a rule are satisfied.." + } + }, + "conditions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of conditions that must be matched for the actions to be executed." + } + }, + "matchProcessingBehavior": { + "type": "string", + "allowedValues": [ + "Continue", + "Stop" + ], + "nullable": true, + "metadata": { + "description": "Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "rule/main.bicep" + } + } + } }, "parameters": { "name": { @@ -1528,6 +2641,9 @@ }, "rules": { "type": "array", + "items": { + "$ref": "#/definitions/ruleType" + }, "nullable": true, "metadata": { "description": "Optinal. The rules to apply to the rule set." @@ -1544,10 +2660,7 @@ "ruleSet": { "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]" }, "ruleSet_rules": { "copy": { @@ -1592,13 +2705,60 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "8818585542646204223" + "version": "0.31.34.60546", + "templateHash": "11756620080021514486" }, "name": "CDN Profiles Rules", "description": "This module deploys a CDN Profile rule.", "owner": "Azure/module-maintainers" }, + "definitions": { + "ruleType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule." + } + }, + "order": { + "type": "int", + "metadata": { + "description": "Required. The order in which the rules are applied for the endpoint." + } + }, + "actions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of actions that are executed when all the conditions of a rule are satisfied.." + } + }, + "conditions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of conditions that must be matched for the actions to be executed." + } + }, + "matchProcessingBehavior": { + "type": "string", + "allowedValues": [ + "Continue", + "Stop" + ], + "nullable": true, + "metadata": { + "description": "Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -1655,10 +2815,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSetName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSetName'))]" }, "profile": { "existing": true, @@ -1675,10 +2832,7 @@ "actions": "[parameters('actions')]", "conditions": "[parameters('conditions')]", "matchProcessingBehavior": "[parameters('matchProcessingBehavior')]" - }, - "dependsOn": [ - "profile::ruleSet" - ] + } } }, "outputs": { @@ -1780,13 +2934,237 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "792735746278824384" + "version": "0.31.34.60546", + "templateHash": "16899001110062450573" }, "name": "CDN Profiles AFD Endpoints", "description": "This module deploys a CDN Profile AFD Endpoint.", "owner": "Azure/module-maintainers" }, + "definitions": { + "afdEndpointType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the AFD Endpoint." + } + }, + "routes": { + "type": "array", + "items": { + "$ref": "#/definitions/routeType" + }, + "nullable": true, + "metadata": { + "description": "Optional. The list of routes for this AFD Endpoint." + } + }, + "tags": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The tags for the AFD Endpoint." + } + }, + "autoGeneratedDomainNameLabelScope": { + "type": "string", + "allowedValues": [ + "NoReuse", + "ResourceGroupReuse", + "SubscriptionReuse", + "TenantReuse" + ], + "nullable": true, + "metadata": { + "description": "Optional. The scope of the auto-generated domain name label." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. The state of the AFD Endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "_1.afdRoutecacheConfigurationType": { + "type": "object", + "properties": { + "compressionSettings": { + "type": "object", + "properties": { + "contentTypesToCompress": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of content types on which compression applies. The value should be a valid MIME type." + } + }, + "iscontentTypeToCompressAll": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB." + } + } + }, + "metadata": { + "description": "Required. Compression settings." + } + }, + "queryParameters": { + "type": "string", + "metadata": { + "description": "Required. Query parameters to include or exclude (comma separated)." + } + }, + "queryStringCachingBehavior": { + "type": "string", + "allowedValues": [ + "IgnoreQueryString", + "IgnoreSpecifiedQueryStrings", + "IncludeSpecifiedQueryStrings", + "UseQueryString" + ], + "metadata": { + "description": "Required. Defines how Frontdoor caches requests that include query strings." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "route/main.bicep" + } + } + }, + "routeType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the route." + } + }, + "cacheConfiguration": { + "$ref": "#/definitions/_1.afdRoutecacheConfigurationType", + "nullable": true, + "metadata": { + "description": "Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object." + } + }, + "customDomainNames": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The names of the custom domains." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable use of this rule." + } + }, + "forwardingProtocol": { + "type": "string", + "allowedValues": [ + "HttpOnly", + "HttpsOnly", + "MatchRequest" + ], + "nullable": true, + "metadata": { + "description": "Optional. The protocol this rule will use when forwarding traffic to backends." + } + }, + "httpsRedirect": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic." + } + }, + "linkToDefaultDomain": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether this route will be linked to the default endpoint domain." + } + }, + "originGroupName": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "originPath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath." + } + }, + "patternsToMatch": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The route patterns of the rule." + } + }, + "ruleSets": { + "type": "array", + "items": { + "type": "object" + }, + "nullable": true, + "metadata": { + "description": "Optional. The rule sets of the rule." + } + }, + "supportedProtocols": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The supported protocols of the rule." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "route/main.bicep" + } + } + } + }, "parameters": { "name": { "type": "string", @@ -1840,6 +3218,9 @@ }, "routes": { "type": "array", + "items": { + "$ref": "#/definitions/routeType" + }, "nullable": true, "metadata": { "description": "Optional. The list of routes for this AFD Endpoint." @@ -1862,10 +3243,7 @@ "properties": { "autoGeneratedDomainNameLabelScope": "[parameters('autoGeneratedDomainNameLabelScope')]", "enabledState": "[parameters('enabledState')]" - }, - "dependsOn": [ - "profile" - ] + } }, "afdEndpoint_routes": { "copy": { @@ -1931,13 +3309,175 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "1034122698174669197" + "version": "0.31.34.60546", + "templateHash": "15873678240851060540" }, "name": "CDN Profiles AFD Endpoint Route", "description": "This module deploys a CDN Profile AFD Endpoint route.", "owner": "Azure/module-maintainers" }, + "definitions": { + "routeType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the route." + } + }, + "cacheConfiguration": { + "$ref": "#/definitions/afdRoutecacheConfigurationType", + "nullable": true, + "metadata": { + "description": "Optional. The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object." + } + }, + "customDomainNames": { + "type": "array", + "items": { + "type": "string" + }, + "nullable": true, + "metadata": { + "description": "Optional. The names of the custom domains." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable use of this rule." + } + }, + "forwardingProtocol": { + "type": "string", + "allowedValues": [ + "HttpOnly", + "HttpsOnly", + "MatchRequest" + ], + "nullable": true, + "metadata": { + "description": "Optional. The protocol this rule will use when forwarding traffic to backends." + } + }, + "httpsRedirect": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to automatically redirect HTTP traffic to HTTPS traffic." + } + }, + "linkToDefaultDomain": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether this route will be linked to the default endpoint domain." + } + }, + "originGroupName": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "originPath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath." + } + }, + "patternsToMatch": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The route patterns of the rule." + } + }, + "ruleSets": { + "type": "array", + "items": { + "type": "object" + }, + "nullable": true, + "metadata": { + "description": "Optional. The rule sets of the rule." + } + }, + "supportedProtocols": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. The supported protocols of the rule." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "afdRoutecacheConfigurationType": { + "type": "object", + "properties": { + "compressionSettings": { + "type": "object", + "properties": { + "contentTypesToCompress": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "Required. List of content types on which compression applies. The value should be a valid MIME type." + } + }, + "iscontentTypeToCompressAll": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether content compression is enabled on AzureFrontDoor. Default value is false. If compression is enabled, content will be served as compressed if user requests for a compressed version. Content won't be compressed on AzureFrontDoor when requested content is smaller than 1 byte or larger than 1 MB." + } + } + }, + "metadata": { + "description": "Required. Compression settings." + } + }, + "queryParameters": { + "type": "string", + "metadata": { + "description": "Required. Query parameters to include or exclude (comma separated)." + } + }, + "queryStringCachingBehavior": { + "type": "string", + "allowedValues": [ + "IgnoreQueryString", + "IgnoreSpecifiedQueryStrings", + "IncludeSpecifiedQueryStrings", + "UseQueryString" + ], + "metadata": { + "description": "Required. Defines how Frontdoor caches requests that include query strings." + } + } + } + } + }, "parameters": { "name": { "type": "string", @@ -2063,10 +3603,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/afdEndpoints", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]" }, "profile::customDomains": { "copy": { @@ -2076,19 +3613,13 @@ "existing": true, "type": "Microsoft.Cdn/profiles/customDomains", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]" }, "profile::originGroup": { "existing": true, "type": "Microsoft.Cdn/profiles/originGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]" }, "profile::ruleSet": { "copy": { @@ -2098,10 +3629,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]" }, "profile": { "existing": true, @@ -2141,10 +3669,7 @@ "originPath": "[parameters('originPath')]", "patternsToMatch": "[parameters('patternsToMatch')]", "supportedProtocols": "[parameters('supportedProtocols')]" - }, - "dependsOn": [ - "profile::afdEndpoint" - ] + } } }, "outputs": { @@ -2173,8 +3698,7 @@ } }, "dependsOn": [ - "afdEndpoint", - "profile" + "afdEndpoint" ] } }, @@ -2258,8 +3782,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "11561080659040848436" + "version": "0.31.34.60546", + "templateHash": "3914917842985483427" }, "name": "CDN Profiles Security Policy", "description": "This module deploys a CDN Profile Security Policy.", @@ -2349,10 +3873,7 @@ }, "associations": "[parameters('associations')]" } - }, - "dependsOn": [ - "profile" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/origingroup/main.bicep b/avm/res/cdn/profile/origingroup/main.bicep index 258f75686f..f404a050eb 100644 --- a/avm/res/cdn/profile/origingroup/main.bicep +++ b/avm/res/cdn/profile/origingroup/main.bicep @@ -73,3 +73,56 @@ output resourceGroupName string = resourceGroup().name @description('The location the resource was deployed into.') output location string = profile.location + +// =============== // +// Definitions // +// =============== // + +import { originType } from './origin/main.bicep' +@export() +type originGroupType = { + @description('Required. The name of the origin group.') + name: string + + @description('Required. Load balancing settings for a backend pool.') + loadBalancingSettings: loadBalancingSettingsType + + @description('Optional. Health probe settings to the origin that is used to determine the health of the origin.') + healthProbeSettings: healthProbeSettingsType? + + @description('Optional. Whether to allow session affinity on this host.') + sessionAffinityState: 'Enabled' | 'Disabled' | null + + @description('Optional. Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins.') + trafficRestorationTimeToHealedOrNewEndpointsInMinutes: int? + + @description('Required. The list of origins within the origin group.') + origins: originType[] +} + +@export() +type loadBalancingSettingsType = { + @description('Required. Additional latency in milliseconds for probes to the backend. Must be between 0 and 1000.') + additionalLatencyInMilliseconds: int + + @description('Required. Number of samples to consider for load balancing decisions.') + sampleSize: int + + @description('Required. Number of samples within the sample window that must be successful to mark the backend as healthy.') + successfulSamplesRequired: int +} + +@export() +type healthProbeSettingsType = { + @description('Optional. The path relative to the origin that is used to determine the health of the origin.') + probePath: string? + + @description('Optional. Protocol to use for health probe.') + probeProtocol: 'Http' | 'Https' | 'NotSet' | null + + @description('Optional. The request type to probe.') + probeRequestType: 'GET' | 'HEAD' | 'NotSet' | null + + @description('Optional. The number of seconds between health probes.Default is 240sec.') + probeIntervalInSeconds: int? +} diff --git a/avm/res/cdn/profile/origingroup/main.json b/avm/res/cdn/profile/origingroup/main.json index af9a692a27..7dd74caff6 100644 --- a/avm/res/cdn/profile/origingroup/main.json +++ b/avm/res/cdn/profile/origingroup/main.json @@ -5,13 +5,223 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "16948516107556143812" + "version": "0.31.34.60546", + "templateHash": "15886213526918072525" }, "name": "CDN Profiles Origin Group", "description": "This module deploys a CDN Profile Origin Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "originGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origin group." + } + }, + "loadBalancingSettings": { + "$ref": "#/definitions/loadBalancingSettingsType", + "metadata": { + "description": "Required. Load balancing settings for a backend pool." + } + }, + "healthProbeSettings": { + "$ref": "#/definitions/healthProbeSettingsType", + "nullable": true, + "metadata": { + "description": "Optional. Health probe settings to the origin that is used to determine the health of the origin." + } + }, + "sessionAffinityState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to allow session affinity on this host." + } + }, + "trafficRestorationTimeToHealedOrNewEndpointsInMinutes": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins." + } + }, + "origins": { + "type": "array", + "items": { + "$ref": "#/definitions/originType" + }, + "metadata": { + "description": "Required. The list of origins within the origin group." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "loadBalancingSettingsType": { + "type": "object", + "properties": { + "additionalLatencyInMilliseconds": { + "type": "int", + "metadata": { + "description": "Required. Additional latency in milliseconds for probes to the backend. Must be between 0 and 1000." + } + }, + "sampleSize": { + "type": "int", + "metadata": { + "description": "Required. Number of samples to consider for load balancing decisions." + } + }, + "successfulSamplesRequired": { + "type": "int", + "metadata": { + "description": "Required. Number of samples within the sample window that must be successful to mark the backend as healthy." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "healthProbeSettingsType": { + "type": "object", + "properties": { + "probePath": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The path relative to the origin that is used to determine the health of the origin." + } + }, + "probeProtocol": { + "type": "string", + "allowedValues": [ + "Http", + "Https", + "NotSet" + ], + "nullable": true, + "metadata": { + "description": "Optional. Protocol to use for health probe." + } + }, + "probeRequestType": { + "type": "string", + "allowedValues": [ + "GET", + "HEAD", + "NotSet" + ], + "nullable": true, + "metadata": { + "description": "Optional. The request type to probe." + } + }, + "probeIntervalInSeconds": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The number of seconds between health probes.Default is 240sec." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "origin/main.bicep" + } + } + } + }, "parameters": { "name": { "type": "string", @@ -79,10 +289,7 @@ "loadBalancingSettings": "[parameters('loadBalancingSettings')]", "sessionAffinityState": "[parameters('sessionAffinityState')]", "trafficRestorationTimeToHealedOrNewEndpointsInMinutes": "[parameters('trafficRestorationTimeToHealedOrNewEndpointsInMinutes')]" - }, - "dependsOn": [ - "profile" - ] + } }, "originGroup_origins": { "copy": { @@ -142,13 +349,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4669077701065465911" + "version": "0.31.34.60546", + "templateHash": "3615112055594041997" }, "name": "CDN Profiles Origin", "description": "This module deploys a CDN Profile Origin.", "owner": "Azure/module-maintainers" }, + "definitions": { + "originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -240,10 +529,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/originGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]" }, "profile": { "existing": true, @@ -265,10 +551,7 @@ "priority": "[parameters('priority')]", "sharedPrivateLinkResource": "[parameters('sharedPrivateLinkResource')]", "weight": "[parameters('weight')]" - }, - "dependsOn": [ - "profile::originGroup" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/origingroup/origin/main.bicep b/avm/res/cdn/profile/origingroup/origin/main.bicep index ccf7a62aa1..166e2b43ac 100644 --- a/avm/res/cdn/profile/origingroup/origin/main.bicep +++ b/avm/res/cdn/profile/origingroup/origin/main.bicep @@ -74,3 +74,40 @@ output resourceId string = origin.id @description('The name of the resource group the origin was created in.') output resourceGroupName string = resourceGroup().name + +// =============== // +// Definitions // +// =============== // + +@export() +type originType = { + @description('Required. The name of the origion.') + name: string + + @description('Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint.') + hostName: string + + @description('Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool.') + enabledState: 'Enabled' | 'Disabled' | null + + @description('Optional. Whether to enable certificate name check at origin level.') + enforceCertificateNameCheck: bool? + + @description('Optional. The value of the HTTP port. Must be between 1 and 65535.') + httpPort: int? + + @description('Optional. The value of the HTTPS port. Must be between 1 and 65535.') + httpsPort: int? + + @description('Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint.') + originHostHeader: string? + + @description('Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5.') + priority: int? + + @description('Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000.') + weight: int? + + @description('Optional. The properties of the private link resource for private origin.') + sharedPrivateLinkResource: object? +} diff --git a/avm/res/cdn/profile/origingroup/origin/main.json b/avm/res/cdn/profile/origingroup/origin/main.json index 8ee5bf04df..6488e9907f 100644 --- a/avm/res/cdn/profile/origingroup/origin/main.json +++ b/avm/res/cdn/profile/origingroup/origin/main.json @@ -5,13 +5,95 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "4669077701065465911" + "version": "0.31.34.60546", + "templateHash": "3615112055594041997" }, "name": "CDN Profiles Origin", "description": "This module deploys a CDN Profile Origin.", "owner": "Azure/module-maintainers" }, + "definitions": { + "originType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the origion." + } + }, + "hostName": { + "type": "string", + "metadata": { + "description": "Required. The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint." + } + }, + "enabledState": { + "type": "string", + "allowedValues": [ + "Disabled", + "Enabled" + ], + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool." + } + }, + "enforceCertificateNameCheck": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Whether to enable certificate name check at origin level." + } + }, + "httpPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTP port. Must be between 1 and 65535." + } + }, + "httpsPort": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. The value of the HTTPS port. Must be between 1 and 65535." + } + }, + "originHostHeader": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint." + } + }, + "priority": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5." + } + }, + "weight": { + "type": "int", + "nullable": true, + "metadata": { + "description": "Optional. Weight of the origin in given origin group for load balancing. Must be between 1 and 1000." + } + }, + "sharedPrivateLinkResource": { + "type": "object", + "nullable": true, + "metadata": { + "description": "Optional. The properties of the private link resource for private origin." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -103,10 +185,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/originGroups", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]" }, "profile": { "existing": true, @@ -128,10 +207,7 @@ "priority": "[parameters('priority')]", "sharedPrivateLinkResource": "[parameters('sharedPrivateLinkResource')]", "weight": "[parameters('weight')]" - }, - "dependsOn": [ - "profile::originGroup" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/ruleset/main.bicep b/avm/res/cdn/profile/ruleset/main.bicep index 9d96381236..dbaf29f99c 100644 --- a/avm/res/cdn/profile/ruleset/main.bicep +++ b/avm/res/cdn/profile/ruleset/main.bicep @@ -9,7 +9,7 @@ param name string param profileName string @description('Optinal. The rules to apply to the rule set.') -param rules array? +param rules ruleType[]? resource profile 'Microsoft.Cdn/profiles@2023-05-01' existing = { name: profileName @@ -35,6 +35,17 @@ module ruleSet_rules 'rule/main.bicep' = [ } ] +import { ruleType } from './rule/main.bicep' + +@export() +type ruleSetType = { + @description('Required. Name of the rule set.') + name: string + + @description('Optional. Array of rules.') + rules: ruleType[]? +} + @description('The name of the rule set.') output name string = ruleSet.name diff --git a/avm/res/cdn/profile/ruleset/main.json b/avm/res/cdn/profile/ruleset/main.json index 2d040690b5..cffc63c7ee 100644 --- a/avm/res/cdn/profile/ruleset/main.json +++ b/avm/res/cdn/profile/ruleset/main.json @@ -5,13 +5,86 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "11520922481694023973" + "version": "0.31.34.60546", + "templateHash": "4753233857701337613" }, "name": "CDN Profiles Rule Sets", "description": "This module deploys a CDN Profile rule set.", "owner": "Azure/module-maintainers" }, + "definitions": { + "ruleSetType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. Name of the rule set." + } + }, + "rules": { + "type": "array", + "items": { + "$ref": "#/definitions/ruleType" + }, + "nullable": true, + "metadata": { + "description": "Optional. Array of rules." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "ruleType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule." + } + }, + "order": { + "type": "int", + "metadata": { + "description": "Required. The order in which the rules are applied for the endpoint." + } + }, + "actions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of actions that are executed when all the conditions of a rule are satisfied.." + } + }, + "conditions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of conditions that must be matched for the actions to be executed." + } + }, + "matchProcessingBehavior": { + "type": "string", + "allowedValues": [ + "Continue", + "Stop" + ], + "nullable": true, + "metadata": { + "description": "Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "rule/main.bicep" + } + } + } + }, "parameters": { "name": { "type": "string", @@ -27,6 +100,9 @@ }, "rules": { "type": "array", + "items": { + "$ref": "#/definitions/ruleType" + }, "nullable": true, "metadata": { "description": "Optinal. The rules to apply to the rule set." @@ -43,10 +119,7 @@ "ruleSet": { "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('name'))]" }, "ruleSet_rules": { "copy": { @@ -91,13 +164,60 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "8818585542646204223" + "version": "0.31.34.60546", + "templateHash": "11756620080021514486" }, "name": "CDN Profiles Rules", "description": "This module deploys a CDN Profile rule.", "owner": "Azure/module-maintainers" }, + "definitions": { + "ruleType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule." + } + }, + "order": { + "type": "int", + "metadata": { + "description": "Required. The order in which the rules are applied for the endpoint." + } + }, + "actions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of actions that are executed when all the conditions of a rule are satisfied.." + } + }, + "conditions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of conditions that must be matched for the actions to be executed." + } + }, + "matchProcessingBehavior": { + "type": "string", + "allowedValues": [ + "Continue", + "Stop" + ], + "nullable": true, + "metadata": { + "description": "Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -154,10 +274,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSetName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSetName'))]" }, "profile": { "existing": true, @@ -174,10 +291,7 @@ "actions": "[parameters('actions')]", "conditions": "[parameters('conditions')]", "matchProcessingBehavior": "[parameters('matchProcessingBehavior')]" - }, - "dependsOn": [ - "profile::ruleSet" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/ruleset/rule/main.bicep b/avm/res/cdn/profile/ruleset/rule/main.bicep index 7851860264..2f172c93ce 100644 --- a/avm/res/cdn/profile/ruleset/rule/main.bicep +++ b/avm/res/cdn/profile/ruleset/rule/main.bicep @@ -54,3 +54,21 @@ output resourceId string = rule.id @description('The name of the resource group the custom domain was created in.') output resourceGroupName string = resourceGroup().name + +@export() +type ruleType = { + @description('Required. The name of the rule.') + name: string + + @description('Required. The order in which the rules are applied for the endpoint.') + order: int + + @description('Optional. A list of actions that are executed when all the conditions of a rule are satisfied..') + actions: array? + + @description('Optional. A list of conditions that must be matched for the actions to be executed.') + conditions: array? + + @description('Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue.') + matchProcessingBehavior: 'Continue' | 'Stop' | null +} diff --git a/avm/res/cdn/profile/ruleset/rule/main.json b/avm/res/cdn/profile/ruleset/rule/main.json index 98e0f0fef8..465bed9ee5 100644 --- a/avm/res/cdn/profile/ruleset/rule/main.json +++ b/avm/res/cdn/profile/ruleset/rule/main.json @@ -5,13 +5,60 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "8818585542646204223" + "version": "0.31.34.60546", + "templateHash": "11756620080021514486" }, "name": "CDN Profiles Rules", "description": "This module deploys a CDN Profile rule.", "owner": "Azure/module-maintainers" }, + "definitions": { + "ruleType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the rule." + } + }, + "order": { + "type": "int", + "metadata": { + "description": "Required. The order in which the rules are applied for the endpoint." + } + }, + "actions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of actions that are executed when all the conditions of a rule are satisfied.." + } + }, + "conditions": { + "type": "array", + "nullable": true, + "metadata": { + "description": "Optional. A list of conditions that must be matched for the actions to be executed." + } + }, + "matchProcessingBehavior": { + "type": "string", + "allowedValues": [ + "Continue", + "Stop" + ], + "nullable": true, + "metadata": { + "description": "Optional. If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "name": { "type": "string", @@ -68,10 +115,7 @@ "existing": true, "type": "Microsoft.Cdn/profiles/ruleSets", "apiVersion": "2023-05-01", - "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSetName'))]", - "dependsOn": [ - "profile" - ] + "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSetName'))]" }, "profile": { "existing": true, @@ -88,10 +132,7 @@ "actions": "[parameters('actions')]", "conditions": "[parameters('conditions')]", "matchProcessingBehavior": "[parameters('matchProcessingBehavior')]" - }, - "dependsOn": [ - "profile::ruleSet" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/secret/main.json b/avm/res/cdn/profile/secret/main.json index 77dc6a600b..4c2f0abd3c 100644 --- a/avm/res/cdn/profile/secret/main.json +++ b/avm/res/cdn/profile/secret/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "9127977884501208410" + "version": "0.31.34.60546", + "templateHash": "135211401759640973" }, "name": "CDN Profiles Secret", "description": "This module deploys a CDN Profile Secret.", diff --git a/avm/res/cdn/profile/securityPolicies/main.json b/avm/res/cdn/profile/securityPolicies/main.json index be06e14c99..e94a644cf3 100644 --- a/avm/res/cdn/profile/securityPolicies/main.json +++ b/avm/res/cdn/profile/securityPolicies/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.30.23.60470", - "templateHash": "11561080659040848436" + "version": "0.31.34.60546", + "templateHash": "3914917842985483427" }, "name": "CDN Profiles Security Policy", "description": "This module deploys a CDN Profile Security Policy.", @@ -96,10 +96,7 @@ }, "associations": "[parameters('associations')]" } - }, - "dependsOn": [ - "profile" - ] + } } }, "outputs": { diff --git a/avm/res/cdn/profile/version.json b/avm/res/cdn/profile/version.json index 35040975ae..0f81d22abc 100644 --- a/avm/res/cdn/profile/version.json +++ b/avm/res/cdn/profile/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.7", + "version": "0.8", "pathFilters": [ "./main.json" ] -} +} \ No newline at end of file