feat: Adding outputs required for custom domain DNS validation on the…

… CDN profile (Azure#3918) ## Description Users asked for custom domain TxtRecordName, TxtRecordValue, ValidationExpiry and EndpointHostName to be released as outputs of the CDN profile main module in order to complete DNS validation for custom domains. This PR closes Azure#3371 ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.cdn.profile](https://github.com/gbeaud/bicep-registry-modules/actions/workflows/avm.res.cdn.profile.yml/badge.svg?branch=FR%233371-DNSValidationOutputs)](https://github.com/gbeaud/bicep-registry-modules/actions/workflows/avm.res.cdn.profile.yml) | ## Type of Change  - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [ ] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. - [ ] Update to documentation ## Checklist - [x] I'm sure there are no other open Pull Requests for the same update/change - [x] I have run `Set-AVMModule` locally to generate the supporting module files. - [x] My corresponding pipelines / checks run clean and green without any errors or warnings
peterbud · Dec 13, 2024 · a2e8781 · a2e8781
1 parent a0f7796
commit a2e8781
Show file tree

Hide file tree

Showing 21 changed files with 310 additions and 254 deletions.
diff --git a/avm/res/cdn/profile/README.md b/avm/res/cdn/profile/README.md
@@ -27,7 +27,7 @@ This module deploys a CDN Profile.
 | `Microsoft.Cdn/profiles/ruleSets` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2023-05-01/profiles/ruleSets) |
 | `Microsoft.Cdn/profiles/ruleSets/rules` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2023-05-01/profiles/ruleSets/rules) |
 | `Microsoft.Cdn/profiles/secrets` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2023-05-01/profiles/secrets) |
-| `Microsoft.Cdn/profiles/securityPolicies` | [2024-02-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/securityPolicies) |
+| `Microsoft.Cdn/profiles/securityPolicies` | [2024-02-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/2024-02-01/profiles/securityPolicies) |
 
 ## Usage examples
 
@@ -418,6 +418,11 @@ module profile 'br/public:avm/res/cdn/profile:<version>' = {
         hostName: 'dep-test-cdnpafd-custom-domain.azurewebsites.net'
         name: 'dep-test-cdnpafd-custom-domain'
       }
+      {
+        certificateType: 'ManagedCertificate'
+        hostName: 'dep-test2-cdnpafd-custom-domain.azurewebsites.net'
+        name: 'dep-test2-cdnpafd-custom-domain'
+      }
     ]
     location: 'global'
     managedIdentities: {
@@ -514,6 +519,11 @@ module profile 'br/public:avm/res/cdn/profile:<version>' = {
           "certificateType": "ManagedCertificate",
           "hostName": "dep-test-cdnpafd-custom-domain.azurewebsites.net",
           "name": "dep-test-cdnpafd-custom-domain"
+        },
+        {
+          "certificateType": "ManagedCertificate",
+          "hostName": "dep-test2-cdnpafd-custom-domain.azurewebsites.net",
+          "name": "dep-test2-cdnpafd-custom-domain"
         }
       ]
     },
@@ -614,6 +624,11 @@ param customDomains = [
     hostName: 'dep-test-cdnpafd-custom-domain.azurewebsites.net'
     name: 'dep-test-cdnpafd-custom-domain'
   }
+  {
+    certificateType: 'ManagedCertificate'
+    hostName: 'dep-test2-cdnpafd-custom-domain.azurewebsites.net'
+    name: 'dep-test2-cdnpafd-custom-domain'
+  }
 ]
 param location = 'global'
 param managedIdentities = {
@@ -2215,8 +2230,10 @@ Endpoint tags.
 
 | Output | Type | Description |
 | :-- | :-- | :-- |
+| `dnsValidation` | array | The list of records required for custom domains validation. |
 | `endpointId` | string | The resource ID of the CDN profile endpoint. |
 | `endpointName` | string | The name of the CDN profile endpoint. |
+| `frontDoorEndpointHostNames` | array | The list of AFD endpoint host names. |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the CDN profile. |
 | `profileType` | string | The type of the CDN profile. |

diff --git a/avm/res/cdn/profile/afdEndpoint/README.md b/avm/res/cdn/profile/afdEndpoint/README.md
@@ -310,6 +310,7 @@ The tags of the AFD Endpoint.
 
 | Output | Type | Description |
 | :-- | :-- | :-- |
+| `frontDoorEndpointHostName` | string | The host name of the AFD endpoint. |
 | `location` | string | The location the resource was deployed into. |
 | `name` | string | The name of the AFD Endpoint. |
 | `resourceGroupName` | string | The name of the resource group the endpoint was created in. |

diff --git a/avm/res/cdn/profile/afdEndpoint/main.bicep b/avm/res/cdn/profile/afdEndpoint/main.bicep
@@ -85,6 +85,10 @@ output location string = afdEndpoint.location
 @description('The list of routes assigned to the AFD endpoint.')
 output routes array = routes ?? []
 
+@description('The host name of the AFD endpoint.')
+output frontDoorEndpointHostName string = afdEndpoint.properties.hostName
+
+
 // =============== //
 //   Definitions   //
 // =============== //

diff --git a/avm/res/cdn/profile/afdEndpoint/main.json b/avm/res/cdn/profile/afdEndpoint/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "8817136365913068133"
+      "version": "0.32.4.45862",
+      "templateHash": "5418845183779263042"
     },
     "name": "CDN Profiles AFD Endpoints",
     "description": "This module deploys a CDN Profile AFD Endpoint.",
@@ -314,10 +314,7 @@
       "properties": {
         "autoGeneratedDomainNameLabelScope": "[parameters('autoGeneratedDomainNameLabelScope')]",
         "enabledState": "[parameters('enabledState')]"
-      },
-      "dependsOn": [
-        "profile"
-      ]
+      }
     },
     "afdEndpoint_routes": {
       "copy": {
@@ -383,8 +380,8 @@
           "metadata": {
             "_generator": {
               "name": "bicep",
-              "version": "0.31.92.45157",
-              "templateHash": "17863230728556651506"
+              "version": "0.32.4.45862",
+              "templateHash": "11233659924871585320"
             },
             "name": "CDN Profiles AFD Endpoint Route",
             "description": "This module deploys a CDN Profile AFD Endpoint route.",
@@ -677,10 +674,7 @@
               "existing": true,
               "type": "Microsoft.Cdn/profiles/afdEndpoints",
               "apiVersion": "2023-05-01",
-              "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]",
-              "dependsOn": [
-                "profile"
-              ]
+              "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]"
             },
             "profile::customDomains": {
               "copy": {
@@ -690,19 +684,13 @@
               "existing": true,
               "type": "Microsoft.Cdn/profiles/customDomains",
               "apiVersion": "2023-05-01",
-              "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]",
-              "dependsOn": [
-                "profile"
-              ]
+              "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]"
             },
             "profile::originGroup": {
               "existing": true,
               "type": "Microsoft.Cdn/profiles/originGroups",
               "apiVersion": "2023-05-01",
-              "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]",
-              "dependsOn": [
-                "profile"
-              ]
+              "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]"
             },
             "profile::ruleSet": {
               "copy": {
@@ -712,10 +700,7 @@
               "existing": true,
               "type": "Microsoft.Cdn/profiles/ruleSets",
               "apiVersion": "2023-05-01",
-              "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]",
-              "dependsOn": [
-                "profile"
-              ]
+              "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]"
             },
             "profile": {
               "existing": true,
@@ -755,10 +740,7 @@
                 "originPath": "[parameters('originPath')]",
                 "patternsToMatch": "[parameters('patternsToMatch')]",
                 "supportedProtocols": "[parameters('supportedProtocols')]"
-              },
-              "dependsOn": [
-                "profile::afdEndpoint"
-              ]
+              }
             }
           },
           "outputs": {
@@ -787,8 +769,7 @@
         }
       },
       "dependsOn": [
-        "afdEndpoint",
-        "profile"
+        "afdEndpoint"
       ]
     }
   },
@@ -827,6 +808,13 @@
         "description": "The list of routes assigned to the AFD endpoint."
       },
       "value": "[coalesce(parameters('routes'), createArray())]"
+    },
+    "frontDoorEndpointHostName": {
+      "type": "string",
+      "metadata": {
+        "description": "The host name of the AFD endpoint."
+      },
+      "value": "[reference('afdEndpoint').hostName]"
     }
   }
 }
diff --git a/avm/res/cdn/profile/afdEndpoint/route/main.json b/avm/res/cdn/profile/afdEndpoint/route/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "17863230728556651506"
+      "version": "0.32.4.45862",
+      "templateHash": "11233659924871585320"
     },
     "name": "CDN Profiles AFD Endpoint Route",
     "description": "This module deploys a CDN Profile AFD Endpoint route.",
@@ -299,10 +299,7 @@
       "existing": true,
       "type": "Microsoft.Cdn/profiles/afdEndpoints",
       "apiVersion": "2023-05-01",
-      "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]",
-      "dependsOn": [
-        "profile"
-      ]
+      "name": "[format('{0}/{1}', parameters('profileName'), parameters('afdEndpointName'))]"
     },
     "profile::customDomains": {
       "copy": {
@@ -312,19 +309,13 @@
       "existing": true,
       "type": "Microsoft.Cdn/profiles/customDomains",
       "apiVersion": "2023-05-01",
-      "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]",
-      "dependsOn": [
-        "profile"
-      ]
+      "name": "[format('{0}/{1}', parameters('profileName'), coalesce(parameters('customDomainNames'), createArray())[copyIndex()])]"
     },
     "profile::originGroup": {
       "existing": true,
       "type": "Microsoft.Cdn/profiles/originGroups",
       "apiVersion": "2023-05-01",
-      "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]",
-      "dependsOn": [
-        "profile"
-      ]
+      "name": "[format('{0}/{1}', parameters('profileName'), parameters('originGroupName'))]"
     },
     "profile::ruleSet": {
       "copy": {
@@ -334,10 +325,7 @@
       "existing": true,
       "type": "Microsoft.Cdn/profiles/ruleSets",
       "apiVersion": "2023-05-01",
-      "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]",
-      "dependsOn": [
-        "profile"
-      ]
+      "name": "[format('{0}/{1}', parameters('profileName'), parameters('ruleSets')[copyIndex()].name)]"
     },
     "profile": {
       "existing": true,
@@ -377,10 +365,7 @@
         "originPath": "[parameters('originPath')]",
         "patternsToMatch": "[parameters('patternsToMatch')]",
         "supportedProtocols": "[parameters('supportedProtocols')]"
-      },
-      "dependsOn": [
-        "profile::afdEndpoint"
-      ]
+      }
     }
   },
   "outputs": {

diff --git a/avm/res/cdn/profile/customdomain/README.md b/avm/res/cdn/profile/customdomain/README.md
@@ -127,6 +127,7 @@ Resource reference to the Azure DNS zone.
 
 | Output | Type | Description |
 | :-- | :-- | :-- |
+| `dnsValidation` |  | The DNS validation records. |
 | `name` | string | The name of the custom domain. |
 | `resourceGroupName` | string | The name of the resource group the custom domain was created in. |
 | `resourceId` | string | The resource id of the custom domain. |
diff --git a/avm/res/cdn/profile/customdomain/main.bicep b/avm/res/cdn/profile/customdomain/main.bicep
@@ -83,9 +83,17 @@ output resourceId string = customDomain.id
 @description('The name of the resource group the custom domain was created in.')
 output resourceGroupName string = resourceGroup().name
 
+@description('The DNS validation records.')
+output dnsValidation dnsValidationType = {
+  dnsTxtRecordName: '_dnsauth.${customDomain.properties.hostName}'
+  dnsTxtRecordValue: customDomain.properties.validationProperties.validationToken
+  dnsTxtRecordExpiry: customDomain.properties.validationProperties.expirationDate
+}
+
 // =============== //
 //   Definitions   //
 // =============== //
+
 @export()
 type customDomainType = {
   @description('Required. The name of the custom domain.')
@@ -112,3 +120,15 @@ type customDomainType = {
   @description('Optional. Extended properties.')
   extendedProperties: object?
 }
+
+@export()
+type dnsValidationType = {
+  @description('Required. The DNS record name.')
+  dnsTxtRecordName: string
+
+  @description('Required. The DNS record value.')
+  dnsTxtRecordValue: string
+
+  @description('Required. The expiry date of the DNS record.')
+  dnsTxtRecordExpiry: string
+}
diff --git a/avm/res/cdn/profile/customdomain/main.json b/avm/res/cdn/profile/customdomain/main.json
@@ -5,8 +5,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.31.92.45157",
-      "templateHash": "420872064438039619"
+      "version": "0.32.4.45862",
+      "templateHash": "12647886167890211057"
     },
     "name": "CDN Profiles Custom Domains",
     "description": "This module deploys a CDN Profile Custom Domains.",
@@ -82,6 +82,32 @@
       "metadata": {
         "__bicep_export!": true
       }
+    },
+    "dnsValidationType": {
+      "type": "object",
+      "properties": {
+        "dnsTxtRecordName": {
+          "type": "string",
+          "metadata": {
+            "description": "Required. The DNS record name."
+          }
+        },
+        "dnsTxtRecordValue": {
+          "type": "string",
+          "metadata": {
+            "description": "Required. The DNS record value."
+          }
+        },
+        "dnsTxtRecordExpiry": {
+          "type": "string",
+          "metadata": {
+            "description": "Required. The expiry date of the DNS record."
+          }
+        }
+      },
+      "metadata": {
+        "__bicep_export!": true
+      }
     }
   },
   "parameters": {
@@ -160,10 +186,7 @@
       "existing": true,
       "type": "Microsoft.Cdn/profiles/secrets",
       "apiVersion": "2023-05-01",
-      "name": "[format('{0}/{1}', parameters('profileName'), parameters('secretName'))]",
-      "dependsOn": [
-        "profile"
-      ]
+      "name": "[format('{0}/{1}', parameters('profileName'), parameters('secretName'))]"
     },
     "profile": {
       "existing": true,
@@ -185,10 +208,7 @@
           "minimumTlsVersion": "[parameters('minimumTlsVersion')]",
           "secret": "[if(not(empty(parameters('secretName'))), createObject('id', resourceId('Microsoft.Cdn/profiles/secrets', parameters('profileName'), parameters('secretName'))), null())]"
         }
-      },
-      "dependsOn": [
-        "profile"
-      ]
+      }
     }
   },
   "outputs": {
@@ -212,6 +232,17 @@
         "description": "The name of the resource group the custom domain was created in."
       },
       "value": "[resourceGroup().name]"
+    },
+    "dnsValidation": {
+      "$ref": "#/definitions/dnsValidationType",
+      "metadata": {
+        "description": "The DNS validation records."
+      },
+      "value": {
+        "dnsTxtRecordName": "[format('_dnsauth.{0}', reference('customDomain').hostName)]",
+        "dnsTxtRecordValue": "[reference('customDomain').validationProperties.validationToken]",
+        "dnsTxtRecordExpiry": "[reference('customDomain').validationProperties.expirationDate]"
+      }
     }
   }
 }