From e4e03661ae9b4e396165ea94fe5839162c7dadf1 Mon Sep 17 00:00:00 2001 From: Morten Schmidt Date: Thu, 16 May 2024 08:23:56 +0200 Subject: [PATCH] AISearchService with adminkeys in keyvault --- avm/ptn/security/security-center/main.json | 10 +- avm/res/aad/domain-service/main.json | 4 +- avm/res/analysis-services/server/main.json | 4 +- .../service/api-version-set/main.json | 4 +- avm/res/api-management/service/api/main.json | 8 +- .../service/api/policy/main.json | 4 +- .../service/authorization-server/main.json | 4 +- .../api-management/service/backend/main.json | 4 +- .../api-management/service/cache/main.json | 4 +- .../service/identity-provider/README.md | 4 +- .../service/identity-provider/main.json | 4 +- avm/res/api-management/service/main.json | 2 +- .../service/named-value/main.json | 4 +- .../api-management/service/policy/main.json | 4 +- .../service/portalsetting/main.json | 4 +- .../service/product/api/main.json | 4 +- .../service/product/group/main.json | 4 +- .../api-management/service/product/main.json | 12 +- .../service/subscription/main.json | 4 +- avm/res/app/job/main.json | 4 +- avm/res/batch/batch-account/README.md | 2 +- avm/res/batch/batch-account/main.json | 4 +- avm/res/cache/redis/main.json | 4 +- avm/res/cdn/profile/afdEndpoint/main.json | 8 +- .../cdn/profile/afdEndpoint/route/main.json | 4 +- avm/res/cdn/profile/customdomain/main.json | 4 +- avm/res/cdn/profile/endpoint/main.json | 8 +- avm/res/cdn/profile/endpoint/origin/main.json | 4 +- avm/res/cdn/profile/origingroup/main.json | 8 +- .../cdn/profile/origingroup/origin/main.json | 4 +- avm/res/cdn/profile/ruleset/main.json | 8 +- avm/res/cdn/profile/ruleset/rule/main.json | 4 +- avm/res/cdn/profile/secret/main.json | 4 +- avm/res/cognitive-services/account/main.json | 4 +- avm/res/compute/availability-set/main.json | 4 +- avm/res/compute/disk-encryption-set/main.json | 14 +- avm/res/compute/disk/main.json | 4 +- avm/res/search/search-service/README.md | 138 ++++++++++++++++- avm/res/search/search-service/main.json | 139 +++++++++++++++++- .../shared-private-link-resource/main.json | 4 +- 40 files changed, 363 insertions(+), 106 deletions(-) diff --git a/avm/ptn/security/security-center/main.json b/avm/ptn/security/security-center/main.json index 9216e95469..3e7a244558 100644 --- a/avm/ptn/security/security-center/main.json +++ b/avm/ptn/security/security-center/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5215368682061207752" + "version": "0.26.170.59819", + "templateHash": "18438423837890128986" }, "name": "Azure Security Center (Defender for Cloud)", "description": "This module deploys an Azure Security Center (Defender for Cloud) Configuration.", @@ -372,8 +372,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11694037879563074763" + "version": "0.26.170.59819", + "templateHash": "16876993197536829325" } }, "parameters": { @@ -423,4 +423,4 @@ "value": "Security" } } -} +} \ No newline at end of file diff --git a/avm/res/aad/domain-service/main.json b/avm/res/aad/domain-service/main.json index b82ba31545..352f88edd8 100644 --- a/avm/res/aad/domain-service/main.json +++ b/avm/res/aad/domain-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7265620724598107360" + "version": "0.26.170.59819", + "templateHash": "9940505035843194916" }, "name": "Azure Active Directory Domain Services", "description": "This module deploys an Azure Active Directory Domain Services (AADDS) instance.", diff --git a/avm/res/analysis-services/server/main.json b/avm/res/analysis-services/server/main.json index 499b9433a1..5fc2826031 100644 --- a/avm/res/analysis-services/server/main.json +++ b/avm/res/analysis-services/server/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1590669612196455003" + "version": "0.26.170.59819", + "templateHash": "10166979415850302029" }, "name": "Analysis Services Servers", "description": "This module deploys an Analysis Services Server.", diff --git a/avm/res/api-management/service/api-version-set/main.json b/avm/res/api-management/service/api-version-set/main.json index b20b0388c7..e72964e17a 100644 --- a/avm/res/api-management/service/api-version-set/main.json +++ b/avm/res/api-management/service/api-version-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "14411287735172753559" + "version": "0.26.170.59819", + "templateHash": "2022925118326989470" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", diff --git a/avm/res/api-management/service/api/main.json b/avm/res/api-management/service/api/main.json index 149062f9e8..c7694d5324 100644 --- a/avm/res/api-management/service/api/main.json +++ b/avm/res/api-management/service/api/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5827467280453778347" + "version": "0.26.170.59819", + "templateHash": "4982579131778182813" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -267,8 +267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11734266416309377949" + "version": "0.26.170.59819", + "templateHash": "7030990401011468302" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/avm/res/api-management/service/api/policy/main.json b/avm/res/api-management/service/api/policy/main.json index bcbaf1d3bc..dac60a7818 100644 --- a/avm/res/api-management/service/api/policy/main.json +++ b/avm/res/api-management/service/api/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11734266416309377949" + "version": "0.26.170.59819", + "templateHash": "7030990401011468302" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/avm/res/api-management/service/authorization-server/main.json b/avm/res/api-management/service/authorization-server/main.json index 78869fc966..7409325aee 100644 --- a/avm/res/api-management/service/authorization-server/main.json +++ b/avm/res/api-management/service/authorization-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "505882801529152233" + "version": "0.26.170.59819", + "templateHash": "18174659605054562490" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", diff --git a/avm/res/api-management/service/backend/main.json b/avm/res/api-management/service/backend/main.json index bba5ebcc1f..6735b4b4cd 100644 --- a/avm/res/api-management/service/backend/main.json +++ b/avm/res/api-management/service/backend/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5914852504306173482" + "version": "0.26.170.59819", + "templateHash": "2373122860271627831" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", diff --git a/avm/res/api-management/service/cache/main.json b/avm/res/api-management/service/cache/main.json index 537d4e1259..635fc75b2e 100644 --- a/avm/res/api-management/service/cache/main.json +++ b/avm/res/api-management/service/cache/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5452536693649070190" + "version": "0.26.170.59819", + "templateHash": "7716740574911932509" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", diff --git a/avm/res/api-management/service/identity-provider/README.md b/avm/res/api-management/service/identity-provider/README.md index bb82ad51bc..e6efa155c5 100644 --- a/avm/res/api-management/service/identity-provider/README.md +++ b/avm/res/api-management/service/identity-provider/README.md @@ -141,12 +141,12 @@ Identity Provider Type identifier. - Allowed: ```Bicep [ - 'aad' - 'aadB2C' 'facebook' 'google' 'microsoft' 'twitter' + 'aad' + 'aadB2C' ] ``` diff --git a/avm/res/api-management/service/identity-provider/main.json b/avm/res/api-management/service/identity-provider/main.json index d1ac06182d..e707857bc2 100644 --- a/avm/res/api-management/service/identity-provider/main.json +++ b/avm/res/api-management/service/identity-provider/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6944159515007886666" + "version": "0.26.170.59819", + "templateHash": "3154989001112723220" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", diff --git a/avm/res/api-management/service/main.json b/avm/res/api-management/service/main.json index 6e828a8cfc..83c5695051 100644 --- a/avm/res/api-management/service/main.json +++ b/avm/res/api-management/service/main.json @@ -2899,4 +2899,4 @@ "value": "[reference('service', '2021-08-01', 'full').location]" } } -} +} \ No newline at end of file diff --git a/avm/res/api-management/service/named-value/main.json b/avm/res/api-management/service/named-value/main.json index 2087682ca4..40ba0474c7 100644 --- a/avm/res/api-management/service/named-value/main.json +++ b/avm/res/api-management/service/named-value/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "17256518550792037410" + "version": "0.26.170.59819", + "templateHash": "8836145661772426348" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", diff --git a/avm/res/api-management/service/policy/main.json b/avm/res/api-management/service/policy/main.json index a2d8a0624c..789f442757 100644 --- a/avm/res/api-management/service/policy/main.json +++ b/avm/res/api-management/service/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12407621079025229005" + "version": "0.26.170.59819", + "templateHash": "11401408412631964174" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", diff --git a/avm/res/api-management/service/portalsetting/main.json b/avm/res/api-management/service/portalsetting/main.json index 510cbe1b2c..f6882b3f61 100644 --- a/avm/res/api-management/service/portalsetting/main.json +++ b/avm/res/api-management/service/portalsetting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "6528716876560144579" + "version": "0.26.170.59819", + "templateHash": "17742652979966426375" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", diff --git a/avm/res/api-management/service/product/api/main.json b/avm/res/api-management/service/product/api/main.json index 6e0c22412b..6a8980317c 100644 --- a/avm/res/api-management/service/product/api/main.json +++ b/avm/res/api-management/service/product/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2440306385645798125" + "version": "0.26.170.59819", + "templateHash": "11861068623935926152" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", diff --git a/avm/res/api-management/service/product/group/main.json b/avm/res/api-management/service/product/group/main.json index af4900659f..b676f6bf18 100644 --- a/avm/res/api-management/service/product/group/main.json +++ b/avm/res/api-management/service/product/group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7056381119937736015" + "version": "0.26.170.59819", + "templateHash": "16009390664131411394" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/avm/res/api-management/service/product/main.json b/avm/res/api-management/service/product/main.json index 36c877e581..1e5cde7d1f 100644 --- a/avm/res/api-management/service/product/main.json +++ b/avm/res/api-management/service/product/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2407987626180908324" + "version": "0.26.170.59819", + "templateHash": "11338797354163447995" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -126,8 +126,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "2440306385645798125" + "version": "0.26.170.59819", + "templateHash": "11861068623935926152" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -216,8 +216,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7056381119937736015" + "version": "0.26.170.59819", + "templateHash": "16009390664131411394" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/avm/res/api-management/service/subscription/main.json b/avm/res/api-management/service/subscription/main.json index 7bfb9de555..911fa7543e 100644 --- a/avm/res/api-management/service/subscription/main.json +++ b/avm/res/api-management/service/subscription/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12071485798846786639" + "version": "0.26.170.59819", + "templateHash": "1707587491854823408" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", diff --git a/avm/res/app/job/main.json b/avm/res/app/job/main.json index 6d8ee06c25..58fed4a24e 100644 --- a/avm/res/app/job/main.json +++ b/avm/res/app/job/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.27.1.19265", - "templateHash": "11649443218681434280" + "version": "0.26.170.59819", + "templateHash": "3096359783958038878" }, "name": "Container App Jobs", "description": "This module deploys a Container App Job.", diff --git a/avm/res/batch/batch-account/README.md b/avm/res/batch/batch-account/README.md index f2d6ddd938..90a7b88bdb 100644 --- a/avm/res/batch/batch-account/README.md +++ b/avm/res/batch/batch-account/README.md @@ -691,9 +691,9 @@ List of allowed authentication modes for the Batch account that can be used to a - Allowed: ```Bicep [ - 'AAD' 'SharedKey' 'TaskAuthenticationToken' + 'AAD' ] ``` diff --git a/avm/res/batch/batch-account/main.json b/avm/res/batch/batch-account/main.json index 918b144932..982aca6bf9 100644 --- a/avm/res/batch/batch-account/main.json +++ b/avm/res/batch/batch-account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11103817479788393007" + "version": "0.26.170.59819", + "templateHash": "3893634721932693918" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", diff --git a/avm/res/cache/redis/main.json b/avm/res/cache/redis/main.json index b7da02c047..d2c8d21350 100644 --- a/avm/res/cache/redis/main.json +++ b/avm/res/cache/redis/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15170120544539480286" + "version": "0.26.170.59819", + "templateHash": "14610347286140734482" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", diff --git a/avm/res/cdn/profile/afdEndpoint/main.json b/avm/res/cdn/profile/afdEndpoint/main.json index dbaf3c9233..23fd2d72d2 100644 --- a/avm/res/cdn/profile/afdEndpoint/main.json +++ b/avm/res/cdn/profile/afdEndpoint/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8869132357079269087" + "version": "0.26.170.59819", + "templateHash": "3255198433705940781" }, "name": "CDN Profiles AFD Endpoints", "description": "This module deploys a CDN Profile AFD Endpoint.", @@ -156,8 +156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8525791914559803218" + "version": "0.26.170.59819", + "templateHash": "12469321322924109409" }, "name": "CDN Profiles AFD Endpoint Route", "description": "This module deploys a CDN Profile AFD Endpoint route.", diff --git a/avm/res/cdn/profile/afdEndpoint/route/main.json b/avm/res/cdn/profile/afdEndpoint/route/main.json index ce9f9ea2c5..1144b0099f 100644 --- a/avm/res/cdn/profile/afdEndpoint/route/main.json +++ b/avm/res/cdn/profile/afdEndpoint/route/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8525791914559803218" + "version": "0.26.170.59819", + "templateHash": "12469321322924109409" }, "name": "CDN Profiles AFD Endpoint Route", "description": "This module deploys a CDN Profile AFD Endpoint route.", diff --git a/avm/res/cdn/profile/customdomain/main.json b/avm/res/cdn/profile/customdomain/main.json index 54f6fa7a8d..2834e7dc00 100644 --- a/avm/res/cdn/profile/customdomain/main.json +++ b/avm/res/cdn/profile/customdomain/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "15657388199001378642" + "version": "0.26.170.59819", + "templateHash": "15721665305636481516" }, "name": "CDN Profiles Custom Domains", "description": "This module deploys a CDN Profile Custom Domains.", diff --git a/avm/res/cdn/profile/endpoint/main.json b/avm/res/cdn/profile/endpoint/main.json index 4866a4cf53..f38b67df97 100644 --- a/avm/res/cdn/profile/endpoint/main.json +++ b/avm/res/cdn/profile/endpoint/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "5516612458443504281" + "version": "0.26.170.59819", + "templateHash": "2906172435071993445" }, "name": "CDN Profiles Endpoints", "description": "This module deploys a CDN Profile Endpoint.", @@ -125,8 +125,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11112660703037023992" + "version": "0.26.170.59819", + "templateHash": "3665403791951260301" }, "name": "CDN Profiles Endpoints Origins", "description": "This module deploys a CDN Profile Endpoint Origin.", diff --git a/avm/res/cdn/profile/endpoint/origin/main.json b/avm/res/cdn/profile/endpoint/origin/main.json index bb4eefa74d..139f01f24a 100644 --- a/avm/res/cdn/profile/endpoint/origin/main.json +++ b/avm/res/cdn/profile/endpoint/origin/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11112660703037023992" + "version": "0.26.170.59819", + "templateHash": "3665403791951260301" }, "name": "CDN Profiles Endpoints Origins", "description": "This module deploys a CDN Profile Endpoint Origin.", diff --git a/avm/res/cdn/profile/origingroup/main.json b/avm/res/cdn/profile/origingroup/main.json index 4dce9e8ca3..7d36c13c02 100644 --- a/avm/res/cdn/profile/origingroup/main.json +++ b/avm/res/cdn/profile/origingroup/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8706007645911322422" + "version": "0.26.170.59819", + "templateHash": "12438540618132459307" }, "name": "CDN Profiles Origin Group", "description": "This module deploys a CDN Profile Origin Group.", @@ -142,8 +142,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16657064743499074369" + "version": "0.26.170.59819", + "templateHash": "8566106020570825253" }, "name": "CDN Profiles Origin", "description": "This module deploys a CDN Profile Origin.", diff --git a/avm/res/cdn/profile/origingroup/origin/main.json b/avm/res/cdn/profile/origingroup/origin/main.json index fb48ec8744..4f80a2bd95 100644 --- a/avm/res/cdn/profile/origingroup/origin/main.json +++ b/avm/res/cdn/profile/origingroup/origin/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16657064743499074369" + "version": "0.26.170.59819", + "templateHash": "8566106020570825253" }, "name": "CDN Profiles Origin", "description": "This module deploys a CDN Profile Origin.", diff --git a/avm/res/cdn/profile/ruleset/main.json b/avm/res/cdn/profile/ruleset/main.json index 349d081644..9610ff8024 100644 --- a/avm/res/cdn/profile/ruleset/main.json +++ b/avm/res/cdn/profile/ruleset/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "1809010747275335698" + "version": "0.26.170.59819", + "templateHash": "5891069247146856543" }, "name": "CDN Profiles Rule Sets", "description": "This module deploys a CDN Profile rule set.", @@ -91,8 +91,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8195283154733773558" + "version": "0.26.170.59819", + "templateHash": "4690708071413750601" }, "name": "CDN Profiles Rules", "description": "This module deploys a CDN Profile rule.", diff --git a/avm/res/cdn/profile/ruleset/rule/main.json b/avm/res/cdn/profile/ruleset/rule/main.json index dc817e69f6..7b3a3304f7 100644 --- a/avm/res/cdn/profile/ruleset/rule/main.json +++ b/avm/res/cdn/profile/ruleset/rule/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "8195283154733773558" + "version": "0.26.170.59819", + "templateHash": "4690708071413750601" }, "name": "CDN Profiles Rules", "description": "This module deploys a CDN Profile rule.", diff --git a/avm/res/cdn/profile/secret/main.json b/avm/res/cdn/profile/secret/main.json index 9ba045e7be..99e5939112 100644 --- a/avm/res/cdn/profile/secret/main.json +++ b/avm/res/cdn/profile/secret/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "7298174434641608123" + "version": "0.26.170.59819", + "templateHash": "364931243138434002" }, "name": "CDN Profiles Secret", "description": "This module deploys a CDN Profile Secret.", diff --git a/avm/res/cognitive-services/account/main.json b/avm/res/cognitive-services/account/main.json index 8b8cbfdf28..d121bff4e2 100644 --- a/avm/res/cognitive-services/account/main.json +++ b/avm/res/cognitive-services/account/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "16646471610876147779" + "version": "0.26.170.59819", + "templateHash": "499952504813132750" }, "name": "Cognitive Services", "description": "This module deploys a Cognitive Service.", diff --git a/avm/res/compute/availability-set/main.json b/avm/res/compute/availability-set/main.json index 290131af55..e5935e4235 100644 --- a/avm/res/compute/availability-set/main.json +++ b/avm/res/compute/availability-set/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "9732921541323544854" + "version": "0.26.170.59819", + "templateHash": "1482827040324478831" }, "name": "Availability Sets", "description": "This module deploys an Availability Set.", diff --git a/avm/res/compute/disk-encryption-set/main.json b/avm/res/compute/disk-encryption-set/main.json index db3719112f..d8c8ba7e58 100644 --- a/avm/res/compute/disk-encryption-set/main.json +++ b/avm/res/compute/disk-encryption-set/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "12741671665077521328" + "version": "0.26.170.59819", + "templateHash": "17419089387885253563" }, "name": "Disk Encryption Sets", "description": "This module deploys a Disk Encryption Set. The module will attempt to set permissions on the provided Key Vault for any used user-assigned identity.", @@ -374,8 +374,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "11328049361610922964" + "version": "0.26.170.59819", + "templateHash": "16786824117269367102" } }, "parameters": { @@ -462,8 +462,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "3020199531226338329" + "version": "0.26.170.59819", + "templateHash": "4087128099053179532" }, "name": "Key Vault Access Policies", "description": "This module deploys a Key Vault Access Policy.", @@ -735,4 +735,4 @@ "value": "[reference('diskEncryptionSet', '2023-10-02', 'full').location]" } } -} +} \ No newline at end of file diff --git a/avm/res/compute/disk/main.json b/avm/res/compute/disk/main.json index 3a754a36b6..c2622b1a78 100644 --- a/avm/res/compute/disk/main.json +++ b/avm/res/compute/disk/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13557505070746246600" + "version": "0.26.170.59819", + "templateHash": "12176121248469967352" }, "name": "Compute Disks", "description": "This module deploys a Compute Disk", diff --git a/avm/res/search/search-service/README.md b/avm/res/search/search-service/README.md index fddc70b242..2389f6e886 100644 --- a/avm/res/search/search-service/README.md +++ b/avm/res/search/search-service/README.md @@ -18,6 +18,7 @@ This module deploys a Search Service. | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | +| `Microsoft.KeyVault/vaults/secrets` | [2022-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2022-07-01/vaults/secrets) | | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.Search/searchServices` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Search/2023-11-01/searchServices) | @@ -32,9 +33,10 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br/public:avm/res/search/search-service:`. - [Using only defaults](#example-1-using-only-defaults) -- [Using large parameter set](#example-2-using-large-parameter-set) -- [Private endpoint-enabled deployment](#example-3-private-endpoint-enabled-deployment) -- [WAF-aligned](#example-4-waf-aligned) +- [Deploying with a key vault reference to save secrets](#example-2-deploying-with-a-key-vault-reference-to-save-secrets) +- [Using large parameter set](#example-3-using-large-parameter-set) +- [Private endpoint-enabled deployment](#example-4-private-endpoint-enabled-deployment) +- [WAF-aligned](#example-5-waf-aligned) ### Example 1: _Using only defaults_ @@ -84,7 +86,81 @@ module searchService 'br/public:avm/res/search/search-service:' = {

-### Example 2: _Using large parameter set_ +### Example 2: _Deploying with a key vault reference to save secrets_ + +This instance deploys the module saving all its secrets in a key vault. + + +

+ +via Bicep module + +```bicep +module searchService 'br/public:avm/res/search/search-service:' = { + name: 'searchServiceDeployment' + params: { + // Required parameters + name: 'kv-ref' + // Non-required parameters + authOptions: { + aadOrApiKey: { + aadAuthFailureMode: 'http401WithBearerChallenge' + } + } + disableLocalAuth: false + location: '' + secretsKeyVault: { + keyVaultName: '' + primaryAdminKeySecretName: 'Primary-Admin-Key' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "name": { + "value": "kv-ref" + }, + // Non-required parameters + "authOptions": { + "value": { + "aadOrApiKey": { + "aadAuthFailureMode": "http401WithBearerChallenge" + } + } + }, + "disableLocalAuth": { + "value": false + }, + "location": { + "value": "" + }, + "secretsKeyVault": { + "value": { + "keyVaultName": "", + "primaryAdminKeySecretName": "Primary-Admin-Key" + } + } + } +} +``` + +
+

+ +### Example 3: _Using large parameter set_ This instance deploys the module with most of its features enabled. @@ -290,7 +366,7 @@ module searchService 'br/public:avm/res/search/search-service:' = {

-### Example 3: _Private endpoint-enabled deployment_ +### Example 4: _Private endpoint-enabled deployment_ This instance deploys the module with private endpoints. @@ -426,7 +502,7 @@ module searchService 'br/public:avm/res/search/search-service:' = {

-### Example 4: _WAF-aligned_ +### Example 5: _WAF-aligned_ This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. @@ -620,6 +696,7 @@ module searchService 'br/public:avm/res/search/search-service:' = { | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | | [`replicaCount`](#parameter-replicacount) | int | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | +| [`secretsKeyVault`](#parameter-secretskeyvault) | object | Key vault reference and secret settings to add the connection strings and keys generated by the cosmosdb account. | | [`semanticSearch`](#parameter-semanticsearch) | string | Sets options that control the availability of semantic search. This configuration is only possible for certain search SKUs in certain locations. | | [`sharedPrivateLinkResources`](#parameter-sharedprivatelinkresources) | array | The sharedPrivateLinkResources to create as part of the search Service. | | [`sku`](#parameter-sku) | string | Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. | @@ -1368,6 +1445,55 @@ The principal type of the assigned principal ID. ] ``` +### Parameter: `secretsKeyVault` + +Key vault reference and secret settings to add the connection strings and keys generated by the cosmosdb account. + +- Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVaultName`](#parameter-secretskeyvaultkeyvaultname) | string | The key vault name where to store the keys and connection strings generated by the modules. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`primaryAdminKeySecretName`](#parameter-secretskeyvaultprimaryadminkeysecretname) | string | Default to API Primary admin key . The primary admin key secret name to create. | +| [`resourceGroupName`](#parameter-secretskeyvaultresourcegroupname) | string | Default to the resource group where this account is. The resource group name where the key vault is. | +| [`secondaryAdminKeySecretName`](#parameter-secretskeyvaultsecondaryadminkeysecretname) | string | Default to API Secondary admin key . The secondary admin key secret name to create. | + +### Parameter: `secretsKeyVault.keyVaultName` + +The key vault name where to store the keys and connection strings generated by the modules. + +- Required: Yes +- Type: string + +### Parameter: `secretsKeyVault.primaryAdminKeySecretName` + +Default to API Primary admin key . The primary admin key secret name to create. + +- Required: No +- Type: string + +### Parameter: `secretsKeyVault.resourceGroupName` + +Default to the resource group where this account is. The resource group name where the key vault is. + +- Required: No +- Type: string + +### Parameter: `secretsKeyVault.secondaryAdminKeySecretName` + +Default to API Secondary admin key . The secondary admin key secret name to create. + +- Required: No +- Type: string + ### Parameter: `semanticSearch` Sets options that control the availability of semantic search. This configuration is only possible for certain search SKUs in certain locations. diff --git a/avm/res/search/search-service/main.json b/avm/res/search/search-service/main.json index df489a9cab..d0103292f8 100644 --- a/avm/res/search/search-service/main.json +++ b/avm/res/search/search-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "13069544635575133650" + "version": "0.27.1.19265", + "templateHash": "4742187527066809212" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -433,6 +433,38 @@ } }, "nullable": true + }, + "secretsKeyVaultType": { + "type": "object", + "properties": { + "keyVaultName": { + "type": "string", + "metadata": { + "description": "Required. The key vault name where to store the keys and connection strings generated by the modules." + } + }, + "resourceGroupName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Default to the resource group where this account is. The resource group name where the key vault is." + } + }, + "primaryAdminKeySecretName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Default to API Primary admin key . The primary admin key secret name to create." + } + }, + "secondaryAdminKeySecretName": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Default to API Secondary admin key . The secondary admin key secret name to create." + } + } + } } }, "parameters": { @@ -539,6 +571,13 @@ "description": "Optional. This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method." } }, + "secretsKeyVault": { + "$ref": "#/definitions/secretsKeyVaultType", + "nullable": true, + "metadata": { + "description": "Optional. Key vault reference and secret settings to add the connection strings and keys generated by the cosmosdb account." + } + }, "replicaCount": { "type": "int", "defaultValue": 3, @@ -1439,8 +1478,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4284041533987186633" + "version": "0.27.1.19265", + "templateHash": "12246294953666077655" }, "name": "Search Services Private Link Resources", "description": "This module deploys a Search Service Private Link Resource.", @@ -1535,6 +1574,98 @@ "dependsOn": [ "searchService" ] + }, + "keyVault": { + "condition": "[not(equals(parameters('secretsKeyVault'), null()))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2022-09-01", + "name": "[format('{0}-secrets-kv', uniqueString(deployment().name, parameters('location')))]", + "resourceGroup": "[coalesce(tryGet(parameters('secretsKeyVault'), 'resourceGroupName'), resourceGroup().name)]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "keyVaultName": { + "value": "[parameters('secretsKeyVault').keyVaultName]" + }, + "keySecrets": { + "value": [ + { + "secretName": "[coalesce(tryGet(parameters('secretsKeyVault'), 'primaryAdminKeySecretName'), 'Primary-Admin-Key')]", + "secretValue": "[listAdminKeys(resourceId('Microsoft.Search/searchServices', parameters('name')), '2023-11-01').primaryKey]" + }, + { + "secretName": "[coalesce(tryGet(parameters('secretsKeyVault'), 'secondaryAdminKeySecretName'), 'Secondary-Admin-Key')]", + "secretValue": "[listAdminKeys(resourceId('Microsoft.Search/searchServices', parameters('name')), '2023-11-01').secondaryKey]" + } + ] + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.27.1.19265", + "templateHash": "17423703517558214368" + } + }, + "definitions": { + "keySecret": { + "type": "object", + "properties": { + "secretName": { + "type": "string" + }, + "secretValue": { + "type": "securestring" + } + } + } + }, + "parameters": { + "keyVaultName": { + "type": "string" + }, + "keySecrets": { + "type": "array", + "items": { + "$ref": "#/definitions/keySecret" + } + } + }, + "resources": { + "kv": { + "existing": true, + "type": "Microsoft.KeyVault/vaults", + "apiVersion": "2022-07-01", + "name": "[parameters('keyVaultName')]" + }, + "keySecretsSecrets": { + "copy": { + "name": "keySecretsSecrets", + "count": "[length(parameters('keySecrets'))]" + }, + "type": "Microsoft.KeyVault/vaults/secrets", + "apiVersion": "2022-07-01", + "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('keySecrets')[copyIndex()].secretName)]", + "properties": { + "value": "[parameters('keySecrets')[copyIndex()].secretValue]" + }, + "dependsOn": [ + "kv" + ] + } + } + } + }, + "dependsOn": [ + "searchService" + ] } }, "outputs": { diff --git a/avm/res/search/search-service/shared-private-link-resource/main.json b/avm/res/search/search-service/shared-private-link-resource/main.json index e6f281a453..cd5294c419 100644 --- a/avm/res/search/search-service/shared-private-link-resource/main.json +++ b/avm/res/search/search-service/shared-private-link-resource/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.54.24096", - "templateHash": "4284041533987186633" + "version": "0.27.1.19265", + "templateHash": "12246294953666077655" }, "name": "Search Services Private Link Resources", "description": "This module deploys a Search Service Private Link Resource.",