From 2ff6bd588e7d96d63d4e3ef3dfb6068daf27928f Mon Sep 17 00:00:00 2001
From: Seif Bassem <38246040+sebassem@users.noreply.github.com>
Date: Sun, 20 Oct 2024 21:10:57 +0300
Subject: [PATCH] Refactor code to improve performance and readability
---
avm/ptn/lz/sub-vending/main.json | 805 ++++++-------------------------
1 file changed, 141 insertions(+), 664 deletions(-)
diff --git a/avm/ptn/lz/sub-vending/main.json b/avm/ptn/lz/sub-vending/main.json
index 2ae16bde42..657cbd9f62 100644
--- a/avm/ptn/lz/sub-vending/main.json
+++ b/avm/ptn/lz/sub-vending/main.json
@@ -1,234 +1,17 @@ { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "85471030435862531" + "templateHash": "15297648363887235052" }, "name": "Sub-vending", "description": "This module deploys a subscription to accelerate deployment of landing zones. For more information on how to use it, please visit this [Wiki](https://github.com/Azure/bicep-lz-vending/wiki).", "owner": "Azure/module-maintainers", "details": "These are the input parameters for the Bicep module: [`main.bicep`](./main.bicep)\n\nThis is the orchestration module that is used and called by a consumer of the module to deploy a Landing Zone Subscription and its associated resources, based on the parameter input values that are provided to it at deployment time.\n\n> For more information and examples please see the [wiki](https://github.com/Azure/bicep-lz-vending/wiki)" }, - "definitions": { - "_1.constrainedDelegationTemplatesType": { - "type": "object", - "discriminator": { - "propertyName": "templateName", - "mapping": { - "excludeRoles": { - "$ref": "#/definitions/_1.excludeRolesType" - }, - "constrainRoles": { - "$ref": "#/definitions/_1.constrainRolesType" - }, - "constrainRolesAndPrincipalTypes": { - "$ref": "#/definitions/_1.constrainRolesAndPrincipalTypesType" - }, - "constrainRolesAndPrincipals": { - "$ref": "#/definitions/_1.constrainRolesAndPrincipalsType" - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - }, - "_1.constrainRolesAndPrincipalsType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "constrainRolesAndPrincipals" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." 
- } - }, - "rolesToAssign": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are allowed to be assigned by the delegate." - } - }, - "principalsToAssignTo": { - "type": "array", - "metadata": { - "description": "Required. The list of principals that are allowed to be assigned roles by the delegate." - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - }, - "_1.constrainRolesAndPrincipalTypesType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "constrainRolesAndPrincipalTypes" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." - } - }, - "rolesToAssign": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are allowed to be assigned by the delegate." - } - }, - "principleTypesToAssign": { - "type": "array", - "allowedValues": [ - "Group", - "ServicePrincipal", - "User" - ], - "metadata": { - "description": "Required. The list of principle types that are allowed to be assigned roles by the delegate." - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - }, - "_1.constrainRolesType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "constrainRoles" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." - } - }, - "rolesToAssign": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are allowed to be assigned by the delegate." - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - }, - "_1.excludeRolesType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "excludeRoles" - ], - "metadata": { - "description": "Required. 
Name of the RBAC condition template." - } - }, - "ExludededRoles": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are not allowed to be assigned by the delegate." - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - }, - "_1.roleAssignmentConditionType": { - "type": "object", - "properties": { - "roleConditionType": { - "$ref": "#/definitions/_1.constrainedDelegationTemplatesType", - "nullable": true, - "metadata": { - "description": "Required. The type of template for the role assignment condition." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. The version of the condition template." - } - }, - "delegationCode": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The code for a custom condition if no template is used. The user should supply their own custom code if the available templates are not matching their requirements. If a value is provided, this will overwrite any added template. All single quotes needs to be skipped using '." - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the user, group, or service principal." - } - }, - "definition": { - "type": "string", - "metadata": { - "description": "Required. The role definition ID or name." - } - }, - "relativeScope": { - "type": "string", - "metadata": { - "description": "Required. The relative scope of the role assignment." - } - }, - "roleAssignmentCondition": { - "$ref": "#/definitions/_1.roleAssignmentConditionType", - "nullable": true, - "metadata": { - "description": "Optional. 
The condition for the role assignment." - } - } - } - }, - "metadata": { - "__bicep_imported_from!": { - "sourceTemplate": "modules/subResourceWrapper.bicep" - } - } - } - }, "parameters": { "subscriptionAliasEnabled": { "type": "bool", @@ -452,7 +235,7 @@ } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", "defaultValue": [], "metadata": { "description": "Optional. Supply an array of objects containing the details of the role assignments to create.\n\nEach object must contain the following `keys`:\n- `principalId` = The Object ID of the User, Group, SPN, Managed Identity to assign the RBAC role too.\n- `definition` = The Name of one of the pre-defined built-In RBAC Roles or a Resource ID of a Built-in or custom RBAC Role Definition as follows:\n - You can only provide the RBAC role name of the pre-defined roles (Contributor, Owner, Reader, Role Based Access Control Administrator (Preview), and User Access Administrator). We only provide those roles as they are the most common ones to assign to a new subscription, also to reduce the template size and complexity in case we define each and every Built-in RBAC role.\n - You can provide the Resource ID of a Built-in or custom RBAC Role Definition\n - e.g. `/providers/Microsoft.Authorization/roleDefinitions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`\n- `relativeScope` = 2 options can be provided for input value:\n 1. `''` *(empty string)* = Make RBAC Role Assignment to Subscription scope\n 2. `'/resourceGroups/'` = Make RBAC Role Assignment to specified Resource Group.\n" 
@@ -510,7 +293,7 @@ }, "deploymentScriptStorageAccountName": { "type": "string", - "defaultValue": "[format('stgds{0}', substring(uniqueString(deployment().name, parameters('virtualNetworkLocation')), 0, 10))]", + "defaultValue": "[format('stgds{0}', substring(uniqueString(deployment().name, parameters('virtualNetworkLocation')), 0, 4))]", "metadata": { "description": "Optional. The name of the storage account for the deployment script." } @@ -610,8 +393,8 @@ "createSubscriptionResources": "[take(format('lz-vend-sub-res-create-{0}-{1}', parameters('subscriptionAliasName'), uniqueString(parameters('subscriptionAliasName'), parameters('subscriptionDisplayName'), parameters('subscriptionBillingScope'), parameters('subscriptionWorkload'), parameters('existingSubscriptionId'), deployment().name)), 64)]" } }, - "resources": { - "avmTelemetry": { + "resources": [ + { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", @@ -632,7 +415,7 @@ } } }, - "createSubscription": { + { "condition": "[and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -757,7 +540,7 @@ } } }, - "createSubscriptionResources": { + { "condition": "[or(parameters('subscriptionAliasEnabled'), not(empty(parameters('existingSubscriptionId'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
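Review bot: The default for `deploymentScriptStorageAccountName` in the `@@ -510,7 +293,7 @@` hunk now keeps only 4 characters of the `uniqueString()` hash instead of 10, which shrinks the name space for a resource whose name has to be unique across all of Azure. A collision with an account held by another tenant fails the deployment, and two deployments whose hashes share the first 4 characters would resolve to the same account name. Unless there is a length constraint that is not visible in this hunk, keep `substring(uniqueString(deployment().name, parameters('virtualNetworkLocation')), 0, 10)`. `main.json` is Bicep build output, so the change belongs in the Bicep source followed by a rebuild.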
@@ -769,7 +552,7 @@ }, "mode": "Incremental", "parameters": { - "subscriptionId": "[if(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), createObject('value', reference('createSubscription').outputs.subscriptionId.value), createObject('value', parameters('existingSubscriptionId')))]", + "subscriptionId": "[if(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), createObject('value', reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscription), '2022-09-01').outputs.subscriptionId.value), createObject('value', parameters('existingSubscriptionId')))]", "managementGroupAssociationDelayCount": { "value": "[parameters('managementGroupAssociationDelayCount')]" }, 
@@ -875,321 +658,17 @@ }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", - "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.30.23.60470", - "templateHash": "14273192856936260326" + "templateHash": "16600088245608261230" }, "name": "`/subResourcesWrapper/deploy.bicep` Parameters", "description": "This module is used by the [`bicep-lz-vending`](https://aka.ms/sub-vending/bicep) module to help orchestrate the deployment", "details": "These are the input parameters for the Bicep module: [`deploy.bicep`](./deploy.bicep)\n\nThis is the sub-orchestration module that is used and called by the [`main.bicep`](../../../main.bicep) module to deploy the resources into the subscription that has been created (or an existing one provided), based on the parameter input values that are provided to it at deployment time from the `main.bicep` orchestration module.\n\n> ⚠️ It is not intended for this module to be called outside of being a sub-orchestration module for the `main.bicep` module ⚠️" }, - "definitions": { - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the user, group, or service principal." - } - }, - "definition": { - "type": "string", - "metadata": { - "description": "Required. The role definition ID or name." - } - }, - "relativeScope": { - "type": "string", - "metadata": { - "description": "Required. The relative scope of the role assignment." - } - }, - "roleAssignmentCondition": { - "$ref": "#/definitions/roleAssignmentConditionType", - "nullable": true, - "metadata": { - "description": "Optional. The condition for the role assignment." 
- } - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "constrainRolesType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "constrainRoles" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." - } - }, - "rolesToAssign": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are allowed to be assigned by the delegate." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "constrainRolesAndPrincipalTypesType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "constrainRolesAndPrincipalTypes" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." - } - }, - "rolesToAssign": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are allowed to be assigned by the delegate." - } - }, - "principleTypesToAssign": { - "type": "array", - "allowedValues": [ - "Group", - "ServicePrincipal", - "User" - ], - "metadata": { - "description": "Required. The list of principle types that are allowed to be assigned roles by the delegate." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "constrainRolesAndPrincipalsType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "constrainRolesAndPrincipals" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." - } - }, - "rolesToAssign": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are allowed to be assigned by the delegate." - } - }, - "principalsToAssignTo": { - "type": "array", - "metadata": { - "description": "Required. The list of principals that are allowed to be assigned roles by the delegate." 
- } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "excludeRolesType": { - "type": "object", - "properties": { - "templateName": { - "type": "string", - "allowedValues": [ - "excludeRoles" - ], - "metadata": { - "description": "Required. Name of the RBAC condition template." - } - }, - "ExludededRoles": { - "type": "array", - "metadata": { - "description": "Required. The list of roles that are not allowed to be assigned by the delegate." - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "constrainedDelegationTemplatesType": { - "type": "object", - "discriminator": { - "propertyName": "templateName", - "mapping": { - "excludeRoles": { - "$ref": "#/definitions/excludeRolesType" - }, - "constrainRoles": { - "$ref": "#/definitions/constrainRolesType" - }, - "constrainRolesAndPrincipalTypes": { - "$ref": "#/definitions/constrainRolesAndPrincipalTypesType" - }, - "constrainRolesAndPrincipals": { - "$ref": "#/definitions/constrainRolesAndPrincipalsType" - } - } - }, - "metadata": { - "__bicep_export!": true - } - }, - "roleAssignmentConditionType": { - "type": "object", - "properties": { - "roleConditionType": { - "$ref": "#/definitions/constrainedDelegationTemplatesType", - "nullable": true, - "metadata": { - "description": "Required. The type of template for the role assignment condition." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. The version of the condition template." - } - }, - "delegationCode": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The code for a custom condition if no template is used. The user should supply their own custom code if the available templates are not matching their requirements. If a value is provided, this will overwrite any added template. All single quotes needs to be skipped using '." 
- } - } - }, - "metadata": { - "__bicep_export!": true - } - } - }, - "functions": [ - { - "namespace": "__bicep", - "members": { - "generateCodeRolesType": { - "parameters": [ - { - "$ref": "#/definitions/constrainRolesType", - "name": "constrainRoles" - } - ], - "output": { - "type": "string", - "value": "[format('((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/write''}})) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{0}}}) AND ((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/delete''}}) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{1}}}))))', __bicep.joinArray(parameters('constrainRoles').rolesToAssign), __bicep.joinArray(parameters('constrainRoles').rolesToAssign))]" - }, - "metadata": { - "description": "Generates the code for the \"Constrain Roles\" condition template.", - "__bicep_export!": true - } - }, - "generateCodeRolesAndPrincipalsTypes": { - "parameters": [ - { - "$ref": "#/definitions/constrainRolesAndPrincipalTypesType", - "name": "constrainRolesAndPrincipalsTypes" - } - ], - "output": { - "type": "string", - "value": "[format('((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/write''}}) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{0}}} AND @Request[Microsoft.Authorization/roleAssignments:PrincipalType] ForAnyOfAnyValues:StringEqualsIgnoreCase {{{1}}})) AND ((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/delete''}})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{2}}} AND @Resource[Microsoft.Authorization/roleAssignments:PrincipalType] ForAnyOfAnyValues:StringEqualsIgnoreCase {{{3}}})))', __bicep.joinArray(parameters('constrainRolesAndPrincipalsTypes').rolesToAssign), __bicep.joinArrayIgnoreCase(parameters('constrainRolesAndPrincipalsTypes').principleTypesToAssign), 
__bicep.joinArray(parameters('constrainRolesAndPrincipalsTypes').rolesToAssign), __bicep.joinArrayIgnoreCase(parameters('constrainRolesAndPrincipalsTypes').principleTypesToAssign))]" - }, - "metadata": { - "description": "Generates the code for the \"Constrain Roles and Principal types\" condition template.", - "__bicep_export!": true - } - }, - "generateCodeRolesAndPrincipals": { - "parameters": [ - { - "$ref": "#/definitions/constrainRolesAndPrincipalsType", - "name": "constrainRolesAndPrincipals" - } - ], - "output": { - "type": "string", - "value": "[format('((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/write''}}) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{0}}} AND @Request[Microsoft.Authorization/roleAssignments:PrincipalId] ForAnyOfAnyValues:GuidEquals {{{1}}})) AND ((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/delete''}})) OR (@Resource[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAnyValues:GuidEquals {{{2}}} AND @Resource[Microsoft.Authorization/roleAssignments:PrincipalId] ForAnyOfAnyValues:GuidEquals {{{3}}})))', __bicep.joinArray(parameters('constrainRolesAndPrincipals').rolesToAssign), __bicep.joinArray(parameters('constrainRolesAndPrincipals').principalsToAssignTo), __bicep.joinArray(parameters('constrainRolesAndPrincipals').rolesToAssign), __bicep.joinArray(parameters('constrainRolesAndPrincipals').principalsToAssignTo))]" - }, - "metadata": { - "description": "Generates the code for the \"Constrain Roles and Principals\" condition template.", - "__bicep_export!": true - } - }, - "generateCodeExcludeRoles": { - "parameters": [ - { - "$ref": "#/definitions/excludeRolesType", - "name": "excludeRoles" - } - ], - "output": { - "type": "string", - "value": "[format('((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/write''}}) OR ( @Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals 
{{{0}}})) AND ((!(ActionMatches{{''Microsoft.Authorization/roleAssignments/delete''}}) OR (@Request[Microsoft.Authorization/roleAssignments:RoleDefinitionId] ForAnyOfAllValues:GuidNotEquals {{{1}}}))))', __bicep.joinArray(parameters('excludeRoles').ExludededRoles), __bicep.joinArray(parameters('excludeRoles').ExludededRoles))]" - }, - "metadata": { - "description": "Generates the code for the \"Exclude Roles\" condition template.", - "__bicep_export!": true - } - }, - "joinArray": { - "parameters": [ - { - "type": "array", - "name": "roles" - } - ], - "output": { - "type": "string", - "value": "[replace(join(parameters('roles'), ','), '\"', '')]" - }, - "metadata": { - "__bicep_export!": true - } - }, - "joinArrayIgnoreCase": { - "parameters": [ - { - "type": "array", - "name": "principalTypes" - } - ], - "output": { - "type": "string", - "value": "[format('''{0}''', replace(replace(join(parameters('principalTypes'), ','), '\"', ''''), ',', ''','''))]" - }, - "metadata": { - "__bicep_export!": true - } - } - } - } - ], "parameters": { "subscriptionId": { "type": "string", @@ -1352,7 +831,7 @@ } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", "defaultValue": [], "metadata": { "description": "Supply an array of objects containing the details of the role assignments to create." @@ -1540,8 +1019,8 @@ "virtualWanHubConnectionPropogatedLabels": "[if(not(empty(parameters('virtualNetworkVwanPropagatedLabels'))), parameters('virtualNetworkVwanPropagatedLabels'), createArray('default'))]", "resourceProvidersFormatted": "[replace(string(parameters('resourceProviders')), '\"', '\\\"')]" }, - "resources": { - "moveSubscriptionToManagementGroupDelay": { + "resources": [ + { "copy": { "name": "moveSubscriptionToManagementGroupDelay", "count": "[length(range(0, parameters('managementGroupAssociationDelayCount')))]", 
@@ -1562,7 +1041,7 @@ } } }, - "moveSubscriptionToManagementGroup": { + { "condition": "[and(parameters('subscriptionManagementGroupAssociationEnabled'), not(empty(parameters('subscriptionManagementGroupId'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1620,7 +1099,7 @@ "moveSubscriptionToManagementGroupDelay" ] }, - "tagSubscription": { + { "condition": "[not(empty(parameters('subscriptionTags')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -1985,7 +1464,7 @@ } } }, - "createResourceGroupForLzNetworking": { + { "condition": "[and(and(parameters('virtualNetworkEnabled'), not(empty(parameters('virtualNetworkLocation')))), not(empty(parameters('virtualNetworkResourceGroupName'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2446,7 +1925,7 @@ } } }, - "tagResourceGroup": { + { "condition": "[and(and(and(parameters('virtualNetworkEnabled'), not(empty(parameters('virtualNetworkLocation')))), not(empty(parameters('virtualNetworkResourceGroupName')))), not(empty(parameters('virtualNetworkResourceGroupTags'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -2814,10 +2293,10 @@ } }, "dependsOn": [ - "createResourceGroupForLzNetworking" + "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', variables('deploymentNames').createResourceGroupForLzNetworking)]" ] }, - "createLzVnet": { + { "condition": "[and(and(and(and(parameters('virtualNetworkEnabled'), not(empty(parameters('virtualNetworkName')))), not(empty(parameters('virtualNetworkAddressSpace')))), not(empty(parameters('virtualNetworkLocation')))), not(empty(parameters('virtualNetworkResourceGroupName'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
@@ -2860,8 +2339,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "15949466154563447171" + "version": "0.30.23.60470", + "templateHash": "5074972058800471543" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", @@ -3475,7 +2954,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.4.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -3659,8 +3138,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5699372618313647761" + "version": "0.30.23.60470", + "templateHash": "6677157161292207910" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", @@ -4038,8 +3517,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5206620163504251868" + "version": "0.30.23.60470", + "templateHash": "345394220621166229" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -4144,7 +3623,8 @@ } }, "dependsOn": [ - "virtualNetwork" + "virtualNetwork", + "virtualNetwork_subnets" ] }, "virtualNetwork_peering_remote": { @@ -4195,8 +3675,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5206620163504251868" + "version": "0.30.23.60470", + "templateHash": "345394220621166229" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", 
@@ -4301,7 +3781,8 @@ } }, "dependsOn": [ - "virtualNetwork" + "virtualNetwork", + "virtualNetwork_subnets" ] } }, @@ -4358,10 +3839,10 @@ } }, "dependsOn": [ - "createResourceGroupForLzNetworking" + "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', variables('deploymentNames').createResourceGroupForLzNetworking)]" ] }, - "createLzVirtualWanConnection": { + { "condition": "[and(and(and(and(and(and(and(and(parameters('virtualNetworkEnabled'), parameters('virtualNetworkPeeringEnabled')), not(empty(variables('virtualHubResourceIdChecked')))), not(empty(parameters('virtualNetworkName')))), not(empty(parameters('virtualNetworkAddressSpace')))), not(empty(parameters('virtualNetworkLocation')))), not(empty(parameters('virtualNetworkResourceGroupName')))), not(empty(variables('virtualWanHubResourceGroupName')))), not(empty(variables('virtualWanHubSubscriptionId'))))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -4472,11 +3953,11 @@ } }, "dependsOn": [ - "createLzVnet", - "createResourceGroupForLzNetworking" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('virtualNetworkResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createLzVnet)]", + "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', variables('deploymentNames').createResourceGroupForLzNetworking)]" ] }, - "createLzRoleAssignmentsSub": { + { "copy": { "name": "createLzRoleAssignmentsSub", "count": "[length(variables('roleAssignmentsSubscription'))]" 
@@ -4503,9 +3984,7 @@ }, "subscriptionId": { "value": "[parameters('subscriptionId')]" - }, - "conditionVersion": "[if(not(empty(coalesce(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), createObject()))), createObject('value', coalesce(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'conditionVersion'), '2.0')), createObject('value', null()))]", - "condition": "[if(empty(coalesce(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), createObject())), createObject('value', null()), if(and(equals(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRoles'), empty(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesType(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRolesAndPrincipalTypes'), empty(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesAndPrincipalsTypes(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRolesAndPrincipals'), empty(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', 
__bicep.generateCodeRolesAndPrincipals(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'excludeRoles'), empty(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeExcludeRoles(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(not(empty(tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', tryGet(tryGet(variables('roleAssignmentsSubscription')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode')), createObject('value', null())))))))]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", @@ -4513,8 +3992,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4097241605548087035" + "version": "0.26.170.59819", + "templateHash": "4635601566143603046" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
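Review bot: The `conditionVersion` and `condition` entries are dropped from the parameters of the `createLzRoleAssignmentsSub` nested deployment in the `@@ -4503,9 +3984,7 @@` hunk, so a `roleAssignmentCondition` supplied by a caller is no longer turned into a condition on the role assignment. The same commit loosens `roleAssignments` from `"$ref": "#/definitions/roleAssignmentType"` to `"type": "array"`, so such input still validates and, as far as the visible lines show, the assignment is created without its constraint; for the delegating roles named in the parameter description (Role Based Access Control Administrator, User Access Administrator) that means unconstrained delegation. The same removal is in the `createLzRoleAssignmentsRsgsSelf` hunk at `@@ -5205,9 +4684,7 @@`, and the embedded role-assignment module moves back from `0.1.1` to `0.1.0`, which suggests the template was regenerated from older source rather than refactored. Since `main.json` is Bicep build output, restore the `conditionVersion` and `condition` module parameters in the Bicep source and rebuild. If the removal is intended, the commit message should state it as a breaking change instead of "Refactor".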
@@ -4619,8 +4098,8 @@ { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -4673,8 +4152,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8906093264527258150" + "version": "0.26.170.59819", + "templateHash": "13749459126745145624" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -4837,8 +4316,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "707244099707019442" + "version": "0.26.170.59819", + "templateHash": "4516670639800961845" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -5009,8 +4488,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14591941439222880522" + "version": "0.26.170.59819", + "templateHash": "7241874480439813582" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -5175,7 +4654,7 @@ } } }, - "createLzRoleAssignmentsRsgsSelf": { + { "copy": { "name": "createLzRoleAssignmentsRsgsSelf", "count": "[length(variables('roleAssignmentsResourceGroupSelf'))]" 
@@ -5205,9 +4684,7 @@ }, "resourceGroupName": { "value": "[split(variables('roleAssignmentsResourceGroupSelf')[copyIndex()].relativeScope, '/')[2]]" - }, - "conditionVersion": "[if(not(empty(coalesce(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), createObject()))), createObject('value', coalesce(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'conditionVersion'), '2.0')), createObject('value', null()))]", - "condition": "[if(empty(coalesce(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), createObject())), createObject('value', null()), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRoles'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesType(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRolesAndPrincipalTypes'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesAndPrincipalsTypes(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRolesAndPrincipals'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), 
createObject('value', __bicep.generateCodeRolesAndPrincipals(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'excludeRoles'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeExcludeRoles(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(not(empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', tryGet(tryGet(variables('roleAssignmentsResourceGroupSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode')), createObject('value', null())))))))]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", @@ -5215,8 +4692,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4097241605548087035" + "version": "0.26.170.59819", + "templateHash": "4635601566143603046" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
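Review bot: Removing the `conditionVersion` and `condition` parameters from the `createLzRoleAssignmentsRsgsSelf` nested deployment means an entry that carries `roleAssignmentCondition` is now assigned with no condition at all. A delegation meant to be constrained (`constrainRoles`, `constrainRolesAndPrincipalTypes`, `constrainRolesAndPrincipals`, `excludeRoles`, or a custom `delegationCode`) would become an unconstrained grant of the role. The same removal appears in the `createLzRoleAssignmentsRsgsNotSelf` hunk at -5910, and apparently in the hunk ending just before -4513 for `roleAssignmentsSubscription`, whose start is outside this view. The neighbouring hunks also move the embedded role-assignment module from `0.1.1` to `0.1.0` and the generator from `0.28.1.47646` to `0.26.170.59819`, which suggests this file was rebuilt from an older source rather than refactored. If so, keep passing both parameters in `main.bicep` and regenerate; if dropping conditions is intended, the module should presumably reject inputs that still set `roleAssignmentCondition` rather than silently ignore them.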
@@ -5321,8 +4798,8 @@ { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -5375,8 +4852,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8906093264527258150" + "version": "0.26.170.59819", + "templateHash": "13749459126745145624" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -5539,8 +5016,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "707244099707019442" + "version": "0.26.170.59819", + "templateHash": "4516670639800961845" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -5711,8 +5188,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14591941439222880522" + "version": "0.26.170.59819", + "templateHash": "7241874480439813582" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", 
@@ -5877,10 +5354,10 @@ } }, "dependsOn": [ - "createResourceGroupForLzNetworking" + "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', variables('deploymentNames').createResourceGroupForLzNetworking)]" ] }, - "createLzRoleAssignmentsRsgsNotSelf": { + { "copy": { "name": "createLzRoleAssignmentsRsgsNotSelf", "count": "[length(variables('roleAssignmentsResourceGroupNotSelf'))]" 
@@ -5910,9 +5387,7 @@ }, "resourceGroupName": { "value": "[split(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()].relativeScope, '/')[2]]" - }, - "conditionVersion": "[if(not(empty(coalesce(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), createObject()))), createObject('value', coalesce(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'conditionVersion'), '2.0')), createObject('value', null()))]", - "condition": "[if(empty(coalesce(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), createObject())), createObject('value', null()), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRoles'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesType(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRolesAndPrincipalTypes'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesAndPrincipalsTypes(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'constrainRolesAndPrincipals'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 
'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeRolesAndPrincipals(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(and(equals(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType', 'templateName'), 'excludeRoles'), empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', __bicep.generateCodeExcludeRoles(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'roleConditionType'))), if(not(empty(tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode'))), createObject('value', tryGet(tryGet(variables('roleAssignmentsResourceGroupNotSelf')[copyIndex()], 'roleAssignmentCondition'), 'delegationCode')), createObject('value', null())))))))]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", @@ -5920,8 +5395,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4097241605548087035" + "version": "0.26.170.59819", + "templateHash": "4635601566143603046" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
@@ -6026,8 +5501,8 @@ { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -6080,8 +5555,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8906093264527258150" + "version": "0.26.170.59819", + "templateHash": "13749459126745145624" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -6244,8 +5719,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "707244099707019442" + "version": "0.26.170.59819", + "templateHash": "4516670639800961845" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -6416,8 +5891,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14591941439222880522" + "version": "0.26.170.59819", + "templateHash": "7241874480439813582" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", @@ -6582,7 +6057,7 @@ } } }, - "createResourceGroupForDeploymentScript": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
@@ -7042,7 +6517,7 @@ } } }, - "createManagedIdentityForDeploymentScript": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -7496,10 +6971,10 @@ } }, "dependsOn": [ - "createResourceGroupForDeploymentScript" + "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', variables('deploymentNames').createResourceGroupForDeploymentScript)]" ] }, - "createRoleAssignmentsDeploymentScript": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -7514,7 +6989,7 @@ "location": { "value": "[parameters('deploymentScriptLocation')]" }, - "principalId": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference('createManagedIdentityForDeploymentScript').outputs.principalId.value), createObject('value', ''))]", + "principalId": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDeploymentScriptManagedIdentity), '2022-09-01').outputs.principalId.value), createObject('value', ''))]", "roleDefinitionIdOrName": { "value": "Contributor" }, @@ -7528,8 +7003,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4097241605548087035" + "version": "0.26.170.59819", + "templateHash": "4635601566143603046" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
@@ -7634,8 +7109,8 @@ { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -7688,8 +7163,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8906093264527258150" + "version": "0.26.170.59819", + "templateHash": "13749459126745145624" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -7852,8 +7327,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "707244099707019442" + "version": "0.26.170.59819", + "templateHash": "4516670639800961845" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -8024,8 +7499,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14591941439222880522" + "version": "0.26.170.59819", + "templateHash": "7241874480439813582" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", 
@@ -8190,10 +7665,10 @@ } }, "dependsOn": [ - "createManagedIdentityForDeploymentScript" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDeploymentScriptManagedIdentity)]" ] }, - "createRoleAssignmentsDeploymentScriptStorageAccount": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -8208,7 +7683,7 @@ "location": { "value": "[parameters('deploymentScriptLocation')]" }, - "principalId": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference('createManagedIdentityForDeploymentScript').outputs.principalId.value), createObject('value', ''))]", + "principalId": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDeploymentScriptManagedIdentity), '2022-09-01').outputs.principalId.value), createObject('value', ''))]", "roleDefinitionIdOrName": { "value": "/providers/Microsoft.Authorization/roleDefinitions/69566ab7-960f-475b-8e7c-b3118f30c6bd" }, @@ -8225,8 +7700,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "4097241605548087035" + "version": "0.26.170.59819", + "templateHash": "4635601566143603046" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", 
@@ -8331,8 +7806,8 @@ { "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", - "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "apiVersion": "2023-07-01", + "name": "[format('46d3xbcp.ptn.authorization-roleassignment.{0}.{1}', replace('0.1.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -8385,8 +7860,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "8906093264527258150" + "version": "0.26.170.59819", + "templateHash": "13749459126745145624" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -8549,8 +8024,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "707244099707019442" + "version": "0.26.170.59819", + "templateHash": "4516670639800961845" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -8721,8 +8196,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "14591941439222880522" + "version": "0.26.170.59819", + "templateHash": "7241874480439813582" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", 
@@ -8887,10 +8362,10 @@ } }, "dependsOn": [ - "createManagedIdentityForDeploymentScript" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDeploymentScriptManagedIdentity)]" ] }, - "createDsNsg": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -9504,10 +8979,10 @@ } }, "dependsOn": [ - "createResourceGroupForDeploymentScript" + "[subscriptionResourceId(parameters('subscriptionId'), 'Microsoft.Resources/deployments', variables('deploymentNames').createResourceGroupForDeploymentScript)]" ] }, - "createDsStorageAccount": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", @@ -9539,7 +9014,7 @@ "virtualNetworkRules": [ { "action": "Allow", - "id": "[if(not(empty(parameters('resourceProviders'))), reference('createDsVnet').outputs.subnetResourceIds.value[0], null())]" + "id": "[if(not(empty(parameters('resourceProviders'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createdsVnet), '2022-09-01').outputs.subnetResourceIds.value[0], null())]" } ] } 
@@ -14184,11 +13659,11 @@ } }, "dependsOn": [ - "createDsVnet", - "createRoleAssignmentsDeploymentScriptStorageAccount" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createdsVnet)]", + "[extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', take(format('{0}', variables('deploymentNames').createRoleAssignmentsDeploymentScriptStorageAccount), 64))]" ] }, - "createDsVnet": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
@@ -14212,7 +13687,7 @@ "[parameters('virtualNetworkDeploymentScriptAddressPrefix')]" ] }, - "subnets": "[if(not(empty(parameters('resourceProviders'))), createObject('value', createArray(createObject('addressPrefix', if(not(empty(parameters('resourceProviders'))), cidrSubnet(parameters('virtualNetworkDeploymentScriptAddressPrefix'), 24, 0), null()), 'name', 'ds-subnet-001', 'networkSecurityGroupResourceId', if(not(empty(parameters('resourceProviders'))), reference('createDsNsg').outputs.resourceId.value, null()), 'serviceEndpoints', createArray('Microsoft.Storage'), 'delegation', 'Microsoft.ContainerInstance/containerGroups'))), createObject('value', null()))]", + "subnets": "[if(not(empty(parameters('resourceProviders'))), createObject('value', createArray(createObject('addressPrefix', if(not(empty(parameters('resourceProviders'))), cidrSubnet(parameters('virtualNetworkDeploymentScriptAddressPrefix'), 24, 0), null()), 'name', 'ds-subnet-001', 'networkSecurityGroupResourceId', if(not(empty(parameters('resourceProviders'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDsNsg), '2022-09-01').outputs.resourceId.value, null()), 'serviceEndpoints', createArray('Microsoft.Storage'), 'delegation', 'Microsoft.ContainerInstance/containerGroups'))), createObject('value', null()))]", "enableTelemetry": { "value": "[parameters('enableTelemetry')]" } @@ -14224,8 +13699,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "15949466154563447171" + "version": "0.30.23.60470", + "templateHash": "5074972058800471543" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", 
@@ -14839,7 +14314,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.4.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-virtualnetwork.{0}.{1}', replace('0.4.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -15023,8 +14498,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5699372618313647761" + "version": "0.30.23.60470", + "templateHash": "6677157161292207910" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", @@ -15402,8 +14877,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5206620163504251868" + "version": "0.30.23.60470", + "templateHash": "345394220621166229" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -15508,7 +14983,8 @@ } }, "dependsOn": [ - "virtualNetwork" + "virtualNetwork", + "virtualNetwork_subnets" ] }, "virtualNetwork_peering_remote": { @@ -15559,8 +15035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5206620163504251868" + "version": "0.30.23.60470", + "templateHash": "345394220621166229" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -15665,7 +15141,8 @@ } }, "dependsOn": [ - "virtualNetwork" + "virtualNetwork", + "virtualNetwork_subnets" ] } }, 
@@ -15722,10 +15199,10 @@ } }, "dependsOn": [ - "createDsNsg" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDsNsg)]" ] }, - "registerResourceProviders": { + { "condition": "[not(empty(parameters('resourceProviders')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
@@ -15765,9 +15242,9 @@ "runOnce": { "value": true }, - "managedIdentities": "[if(not(empty(parameters('resourceProviders'))), createObject('value', createObject('userAssignedResourcesIds', createArray(reference('createManagedIdentityForDeploymentScript').outputs.resourceId.value))), createObject('value', null()))]", - "storageAccountResourceId": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference('createDsStorageAccount').outputs.resourceId.value), createObject('value', null()))]", - "subnetResourceIds": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference('createDsVnet').outputs.subnetResourceIds.value), createObject('value', null()))]", + "managedIdentities": "[if(not(empty(parameters('resourceProviders'))), createObject('value', createObject('userAssignedResourcesIds', createArray(reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDeploymentScriptManagedIdentity), '2022-09-01').outputs.resourceId.value))), createObject('value', null()))]", + "storageAccountResourceId": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDsStorageAccount), '2022-09-01').outputs.resourceId.value), createObject('value', null()))]", + "subnetResourceIds": "[if(not(empty(parameters('resourceProviders'))), createObject('value', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createdsVnet), '2022-09-01').outputs.subnetResourceIds.value), 
createObject('value', null()))]", "arguments": { "value": "[format('-resourceProviders ''{0}'' -resourceProvidersFeatures -subscriptionId {1}', variables('resourceProvidersFormatted'), parameters('subscriptionId'))]" }, 
@@ -16272,71 +15749,71 @@ } }, "dependsOn": [ - "createDsStorageAccount", - "createDsVnet", - "createManagedIdentityForDeploymentScript" + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDsStorageAccount)]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createdsVnet)]", + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').createDeploymentScriptManagedIdentity)]" ] } - }, + ], "outputs": { "failedProviders": { "type": "string", - "value": "[if(not(empty(parameters('resourceProviders'))), reference('registerResourceProviders').outputs.outputs.value.failedProvidersRegistrations, '')]" + "value": "[if(not(empty(parameters('resourceProviders'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').registerResourceProviders), '2022-09-01').outputs.outputs.value.failedProvidersRegistrations, '')]" }, "failedFeatures": { "type": "string", - "value": "[if(not(empty(parameters('resourceProviders'))), reference('registerResourceProviders').outputs.outputs.value.failedFeaturesRegistrations, '')]" + "value": "[if(not(empty(parameters('resourceProviders'))), reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('subscriptionId'), parameters('deploymentScriptResourceGroupName')), 'Microsoft.Resources/deployments', variables('deploymentNames').registerResourceProviders), 
'2022-09-01').outputs.outputs.value.failedFeaturesRegistrations, '')]" } } } }, "dependsOn": [ - "createSubscription" + "[extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscription)]" ] } - }, + ], "outputs": { "subscriptionId": { "type": "string", "metadata": { "description": "The Subscription ID that has been created or provided." }, - "value": "[if(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), reference('createSubscription').outputs.subscriptionId.value, if(contains(variables('existingSubscriptionIDEmptyCheck'), 'No Subscription ID Provided'), variables('existingSubscriptionIDEmptyCheck'), format('{0}', parameters('existingSubscriptionId'))))]" + "value": "[if(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscription), '2022-09-01').outputs.subscriptionId.value, if(contains(variables('existingSubscriptionIDEmptyCheck'), 'No Subscription ID Provided'), variables('existingSubscriptionIDEmptyCheck'), format('{0}', parameters('existingSubscriptionId'))))]" }, "subscriptionResourceId": { "type": "string", "metadata": { "description": "The Subscription Resource ID that has been created or provided." 
}, - "value": "[if(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), reference('createSubscription').outputs.subscriptionResourceId.value, if(contains(variables('existingSubscriptionIDEmptyCheck'), 'No Subscription ID Provided'), variables('existingSubscriptionIDEmptyCheck'), format('/subscriptions/{0}', parameters('existingSubscriptionId'))))]" + "value": "[if(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscription), '2022-09-01').outputs.subscriptionResourceId.value, if(contains(variables('existingSubscriptionIDEmptyCheck'), 'No Subscription ID Provided'), variables('existingSubscriptionIDEmptyCheck'), format('/subscriptions/{0}', parameters('existingSubscriptionId'))))]" }, "subscriptionAcceptOwnershipState": { "type": "string", "metadata": { "description": "The Subscription Owner State. Only used when creating MCA Subscriptions across tenants." }, - "value": "[if(and(and(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), not(empty(parameters('subscriptionTenantId')))), not(empty(parameters('subscriptionOwnerId')))), reference('createSubscription').outputs.subscriptionAcceptOwnershipState.value, 'N/A')]" + "value": "[if(and(and(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), not(empty(parameters('subscriptionTenantId')))), not(empty(parameters('subscriptionOwnerId')))), reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscription), '2022-09-01').outputs.subscriptionAcceptOwnershipState.value, 'N/A')]" }, "subscriptionAcceptOwnershipUrl": { "type": "string", "metadata": { "description": "The Subscription Ownership URL. Only used when creating MCA Subscriptions across tenants." 
}, - "value": "[if(and(and(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), not(empty(parameters('subscriptionTenantId')))), not(empty(parameters('subscriptionOwnerId')))), reference('createSubscription').outputs.subscriptionAcceptOwnershipUrl.value, 'N/A')]" + "value": "[if(and(and(and(parameters('subscriptionAliasEnabled'), empty(parameters('existingSubscriptionId'))), not(empty(parameters('subscriptionTenantId')))), not(empty(parameters('subscriptionOwnerId')))), reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscription), '2022-09-01').outputs.subscriptionAcceptOwnershipUrl.value, 'N/A')]" }, "failedResourceProviders": { "type": "string", "metadata": { "description": "The resource providers that failed to register." }, - "value": "[if(not(empty(parameters('resourceProviders'))), reference('createSubscriptionResources').outputs.failedProviders.value, '')]" + "value": "[if(not(empty(parameters('resourceProviders'))), reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscriptionResources), '2022-09-01').outputs.failedProviders.value, '')]" }, "failedResourceProvidersFeatures": { "type": "string", "metadata": { "description": "The resource providers features that failed to register." }, - "value": "[if(not(empty(parameters('resourceProviders'))), reference('createSubscriptionResources').outputs.failedFeatures.value, '')]" + "value": "[if(not(empty(parameters('resourceProviders'))), reference(extensionResourceId(managementGroup().id, 'Microsoft.Resources/deployments', variables('deploymentNames').createSubscriptionResources), '2022-09-01').outputs.failedFeatures.value, '')]" } } } \ No newline at end of file