Merge branch 'main' of https://github.com/Azure/bicep-registry-modules …

…into users/krbar/dcrKind

avm/res/network/virtual-network/subnet/README.md

@@ -14,91 +14,82 @@ This module deploys a Virtual Network Subnet.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.Network/virtualNetworks/subnets` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-11-01/virtualNetworks/subnets) |
+| `Microsoft.Network/virtualNetworks/subnets` | [2024-01-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/virtualNetworks/subnets) |
 
 ## Parameters
 
-**Required parameters**
-
-| Parameter | Type | Description |
-| :-- | :-- | :-- |
-| [`addressPrefix`](#parameter-addressprefix) | string | The address prefix for the subnet. |
-
 **Conditional parameters**
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
+| [`addressPrefix`](#parameter-addressprefix) | string | The address prefix for the subnet. Required if `addressPrefixes` is empty. |
+| [`addressPrefixes`](#parameter-addressprefixes) | array | List of address prefixes for the subnet. Required if `addressPrefix` is empty. |
 | [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. |
 
 **Optional parameters**
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
-| [`addressPrefixes`](#parameter-addressprefixes) | array | List of address prefixes for the subnet. |
 | [`applicationGatewayIPConfigurations`](#parameter-applicationgatewayipconfigurations) | array | Application gateway IP configurations of virtual network resource. |
-| [`delegations`](#parameter-delegations) | array | The delegations to enable on the subnet. |
-| [`ipAllocations`](#parameter-ipallocations) | array | Array of IpAllocation which reference this subnet. |
-| [`name`](#parameter-name) | string | The Name of the subnet resource. |
+| [`defaultOutboundAccess`](#parameter-defaultoutboundaccess) | bool | Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet. |
+| [`delegation`](#parameter-delegation) | string | The delegation to enable on the subnet. |
 | [`natGatewayResourceId`](#parameter-natgatewayresourceid) | string | The resource ID of the NAT Gateway to use for the subnet. |
 | [`networkSecurityGroupResourceId`](#parameter-networksecuritygroupresourceid) | string | The resource ID of the network security group to assign to the subnet. |
-| [`privateEndpointNetworkPolicies`](#parameter-privateendpointnetworkpolicies) | string | enable or disable apply network policies on private endpoint in the subnet. |
-| [`privateLinkServiceNetworkPolicies`](#parameter-privatelinkservicenetworkpolicies) | string | enable or disable apply network policies on private link service in the subnet. |
+| [`privateEndpointNetworkPolicies`](#parameter-privateendpointnetworkpolicies) | string | Enable or disable apply network policies on private endpoint in the subnet. |
+| [`privateLinkServiceNetworkPolicies`](#parameter-privatelinkservicenetworkpolicies) | string | Enable or disable apply network policies on private link service in the subnet. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
 | [`routeTableResourceId`](#parameter-routetableresourceid) | string | The resource ID of the route table to assign to the subnet. |
 | [`serviceEndpointPolicies`](#parameter-serviceendpointpolicies) | array | An array of service endpoint policies. |
 | [`serviceEndpoints`](#parameter-serviceendpoints) | array | The service endpoints to enable on the subnet. |
+| [`sharingScope`](#parameter-sharingscope) | string | Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty. |
 
-### Parameter: `addressPrefix`
-
-The address prefix for the subnet.
+**Requird parameters**
 
-- Required: Yes
-- Type: string
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`name`](#parameter-name) | string | The Name of the subnet resource. |
 
-### Parameter: `virtualNetworkName`
+### Parameter: `addressPrefix`
 
-The name of the parent virtual network. Required if the template is used in a standalone deployment.
+The address prefix for the subnet. Required if `addressPrefixes` is empty.
 
-- Required: Yes
+- Required: No
 - Type: string
 
 ### Parameter: `addressPrefixes`
 
-List of address prefixes for the subnet.
+List of address prefixes for the subnet. Required if `addressPrefix` is empty.
 
 - Required: No
 - Type: array
-- Default: `[]`
 
-### Parameter: `applicationGatewayIPConfigurations`
+### Parameter: `virtualNetworkName`
 
-Application gateway IP configurations of virtual network resource.
+The name of the parent virtual network. Required if the template is used in a standalone deployment.
 
-- Required: No
-- Type: array
-- Default: `[]`
+- Required: Yes
+- Type: string
 
-### Parameter: `delegations`
+### Parameter: `applicationGatewayIPConfigurations`
 
-The delegations to enable on the subnet.
+Application gateway IP configurations of virtual network resource.
 
 - Required: No
 - Type: array
 - Default: `[]`
 
-### Parameter: `ipAllocations`
+### Parameter: `defaultOutboundAccess`
 
-Array of IpAllocation which reference this subnet.
+Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet.
 
 - Required: No
-- Type: array
-- Default: `[]`
+- Type: bool
 
-### Parameter: `name`
+### Parameter: `delegation`
 
-The Name of the subnet resource.
+The delegation to enable on the subnet.
 
-- Required: Yes
+- Required: No
 - Type: string
 
 ### Parameter: `natGatewayResourceId`
@@ -107,19 +98,17 @@ The resource ID of the NAT Gateway to use for the subnet.
 
 - Required: No
 - Type: string
-- Default: `''`
 
 ### Parameter: `networkSecurityGroupResourceId`
 
 The resource ID of the network security group to assign to the subnet.
 
 - Required: No
 - Type: string
-- Default: `''`
 
 ### Parameter: `privateEndpointNetworkPolicies`
 
-enable or disable apply network policies on private endpoint in the subnet.
+Enable or disable apply network policies on private endpoint in the subnet.
 
 - Required: No
 - Type: string
@@ -135,7 +124,7 @@ enable or disable apply network policies on private endpoint in the subnet.
 
 ### Parameter: `privateLinkServiceNetworkPolicies`
 
-enable or disable apply network policies on private link service in the subnet.
+Enable or disable apply network policies on private link service in the subnet.
 
 - Required: No
 - Type: string
@@ -252,7 +241,6 @@ The resource ID of the route table to assign to the subnet.
 
 - Required: No
 - Type: string
-- Default: `''`
 
 ### Parameter: `serviceEndpointPolicies`
 
@@ -270,15 +258,36 @@ The service endpoints to enable on the subnet.
 - Type: array
 - Default: `[]`
 
+### Parameter: `sharingScope`
+
+Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty.
+
+- Required: No
+- Type: string
+- Allowed:
+  ```Bicep
+  [
+    'DelegatedServices'
+    'Tenant'
+  ]
+  ```
+
+### Parameter: `name`
+
+The Name of the subnet resource.
+
+- Required: Yes
+- Type: string
+
 ## Outputs
 
 | Output | Type | Description |
 | :-- | :-- | :-- |
+| `addressPrefix` | string | The address prefix for the subnet. |
+| `addressPrefixes` | array | List of address prefixes for the subnet. |
 | `name` | string | The name of the virtual network peering. |
 | `resourceGroupName` | string | The resource group the virtual network peering was deployed into. |
 | `resourceId` | string | The resource ID of the virtual network peering. |
-| `subnetAddressPrefix` | string | The address prefix for the subnet. |
-| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. |
 
 ## Notes
 

avm/res/network/virtual-network/subnet/main.bicep

@@ -2,55 +2,58 @@ metadata name = 'Virtual Network Subnets'
 metadata description = 'This module deploys a Virtual Network Subnet.'
 metadata owner = 'Azure/module-maintainers'
 
-@description('Optional. The Name of the subnet resource.')
+@description('Requird. The Name of the subnet resource.')
 param name string
 
 @description('Conditional. The name of the parent virtual network. Required if the template is used in a standalone deployment.')
 param virtualNetworkName string
 
-@description('Required. The address prefix for the subnet.')
-param addressPrefix string
+@description('Conditional. The address prefix for the subnet. Required if `addressPrefixes` is empty.')
+param addressPrefix string?
 
 @description('Optional. The resource ID of the network security group to assign to the subnet.')
-param networkSecurityGroupResourceId string = ''
+param networkSecurityGroupResourceId string?
 
 @description('Optional. The resource ID of the route table to assign to the subnet.')
-param routeTableResourceId string = ''
+param routeTableResourceId string?
 
 @description('Optional. The service endpoints to enable on the subnet.')
-param serviceEndpoints array = []
+param serviceEndpoints string[] = []
 
-@description('Optional. The delegations to enable on the subnet.')
-param delegations array = []
+@description('Optional. The delegation to enable on the subnet.')
+param delegation string?
 
 @description('Optional. The resource ID of the NAT Gateway to use for the subnet.')
-param natGatewayResourceId string = ''
+param natGatewayResourceId string?
 
-@description('Optional. enable or disable apply network policies on private endpoint in the subnet.')
+@description('Optional. Enable or disable apply network policies on private endpoint in the subnet.')
 @allowed([
   'Disabled'
   'Enabled'
   ''
 ])
 param privateEndpointNetworkPolicies string = ''
 
-@description('Optional. enable or disable apply network policies on private link service in the subnet.')
+@description('Optional. Enable or disable apply network policies on private link service in the subnet.')
 @allowed([
   'Disabled'
   'Enabled'
   ''
 ])
 param privateLinkServiceNetworkPolicies string = ''
 
-@description('Optional. List of address prefixes for the subnet.')
-param addressPrefixes array = []
+@description('Conditional. List of address prefixes for the subnet. Required if `addressPrefix` is empty.')
+param addressPrefixes string[]?
+
+@description('Optional. Set this property to false to disable default outbound connectivity for all VMs in the subnet. This property can only be set at the time of subnet creation and cannot be updated for an existing subnet.')
+param defaultOutboundAccess bool?
+
+@description('Optional. Set this property to Tenant to allow sharing subnet with other subscriptions in your AAD tenant. This property can only be set if defaultOutboundAccess is set to false, both properties can only be set if subnet is empty.')
+param sharingScope ('DelegatedServices' | 'Tenant')?
 
 @description('Optional. Application gateway IP configurations of virtual network resource.')
 param applicationGatewayIPConfigurations array = []
 
-@description('Optional. Array of IpAllocation which reference this subnet.')
-param ipAllocations array = []
-
 @description('Optional. An array of service endpoint policies.')
 param serviceEndpointPolicies array = []
 
@@ -86,15 +89,16 @@ var formattedRoleAssignments = [
   })
 ]
 
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-11-01' existing = {
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2024-01-01' existing = {
   name: virtualNetworkName
 }
 
-resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-11-01' = {
+resource subnet 'Microsoft.Network/virtualNetworks/subnets@2024-01-01' = {
   name: name
   parent: virtualNetwork
   properties: {
     addressPrefix: addressPrefix
+    addressPrefixes: addressPrefixes
     networkSecurityGroup: !empty(networkSecurityGroupResourceId)
       ? {
           id: networkSecurityGroupResourceId
@@ -110,16 +114,29 @@ resource subnet 'Microsoft.Network/virtualNetworks/subnets@2023-11-01' = {
           id: natGatewayResourceId
         }
       : null
-    serviceEndpoints: serviceEndpoints
-    delegations: delegations
+    serviceEndpoints: [
+      for endpoint in serviceEndpoints: {
+        service: endpoint
+      }
+    ]
+    delegations: !empty(delegation)
+      ? [
+          {
+            name: delegation
+            properties: {
+              serviceName: delegation
+            }
+          }
+        ]
+      : []
     privateEndpointNetworkPolicies: !empty(privateEndpointNetworkPolicies) ? any(privateEndpointNetworkPolicies) : null
     privateLinkServiceNetworkPolicies: !empty(privateLinkServiceNetworkPolicies)
       ? any(privateLinkServiceNetworkPolicies)
       : null
-    addressPrefixes: addressPrefixes
     applicationGatewayIPConfigurations: applicationGatewayIPConfigurations
-    ipAllocations: ipAllocations
     serviceEndpointPolicies: serviceEndpointPolicies
+    defaultOutboundAccess: defaultOutboundAccess
+    sharingScope: sharingScope
   }
 }
 
@@ -149,10 +166,10 @@ output name string = subnet.name
 output resourceId string = subnet.id
 
 @description('The address prefix for the subnet.')
-output subnetAddressPrefix string = subnet.properties.addressPrefix
+output addressPrefix string = subnet.properties.?addressPrefix ?? ''
 
 @description('List of address prefixes for the subnet.')
-output subnetAddressPrefixes array = !empty(addressPrefixes) ? subnet.properties.addressPrefixes : []
+output addressPrefixes array = subnet.properties.?addressPrefixes ?? []
 
 // =============== //
 //   Definitions   //