feat: add additional input parameters and child module for App Insigh…

…ts AVM module (Azure#896) ## Description closes Azure#895 ## Pipeline [![avm.res.insights.component](https://github.com/tyconsulting/bicep-registry-modules/actions/workflows/avm.res.insights.component.yml/badge.svg?branch=users%2Ftao%2F895_appInsights)](https://github.com/tyconsulting/bicep-registry-modules/actions/workflows/avm.res.insights.component.yml) ## Adding a new module  - [ ] A proposal has been submitted and approved. - [ ] I have included "Closes #{module_proposal_issue_number}" in the PR description. - [ ] I have run `brm validate` locally to verify the module files. - [ ] I have run deployment tests locally to ensure the module is deployable. ## Updating an existing module  - [ ] This is a bug fix: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [ ] I have run `brm validate` locally to verify the module files. - [x] I have run deployment tests locally to ensure the module is deployable. - [x] I have read the [Updating an existing module](https://github.com/Azure/bicep-registry-modules/blob/main/CONTRIBUTING.md#updating-an-existing-module) section in the contributing guide and updated the `version.json` file properly: - [ ] The PR contains backwards compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`. - [x] The PR contains backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] The PR contains breaking changes, and I have bumped the MAJOR version in `version.json`. - [x] I have updated the examples in README with the latest module version number. --------- Co-authored-by: Kris Baranek <[email protected]>
segraef · Feb 5, 2024 · 2194eb1 · 2194eb1
1 parent 33eddb5
commit 2194eb1
Show file tree

Hide file tree

Showing 10 changed files with 386 additions and 8 deletions.
diff --git a/avm/res/insights/component/README.md b/avm/res/insights/component/README.md
@@ -17,6 +17,7 @@ This component deploys an Application Insights instance.
 | :-- | :-- |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/components` | [2020-02-02](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) |
+| `microsoft.insights/components/linkedStorageAccounts` | [2020-03-01-preview](https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/2020-03-01-preview/components/linkedStorageAccounts) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 
 ## Usage examples
@@ -114,6 +115,10 @@ module component 'br/public:avm/res/insights/component:<version>' = {
         workspaceResourceId: '<workspaceResourceId>'
       }
     ]
+    disableIpMasking: false
+    disableLocalAuth: true
+    forceCustomerStorageForProfiler: true
+    linkedStorageAccountResourceId: '<linkedStorageAccountResourceId>'
     location: '<location>'
     roleAssignments: [
       {
@@ -177,6 +182,18 @@ module component 'br/public:avm/res/insights/component:<version>' = {
         }
       ]
     },
+    "disableIpMasking": {
+      "value": false
+    },
+    "disableLocalAuth": {
+      "value": true
+    },
+    "forceCustomerStorageForProfiler": {
+      "value": true
+    },
+    "linkedStorageAccountResourceId": {
+      "value": "<linkedStorageAccountResourceId>"
+    },
     "location": {
       "value": "<location>"
     },
@@ -323,8 +340,12 @@ module component 'br/public:avm/res/insights/component:<version>' = {
 | :-- | :-- | :-- |
 | [`applicationType`](#parameter-applicationtype) | string | Application type. |
 | [`diagnosticSettings`](#parameter-diagnosticsettings) | array | The diagnostic settings of the service. |
+| [`disableIpMasking`](#parameter-disableipmasking) | bool | Disable IP masking. Default value is set to true. |
+| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disable Non-AAD based Auth. Default value is set to false. |
 | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
+| [`forceCustomerStorageForProfiler`](#parameter-forcecustomerstorageforprofiler) | bool | Force users to create their own storage account for profiler and debugger. |
 | [`kind`](#parameter-kind) | string | The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. |
+| [`linkedStorageAccountResourceId`](#parameter-linkedstorageaccountresourceid) | string | Linked storage account resource ID. |
 | [`location`](#parameter-location) | string | Location for all Resources. |
 | [`publicNetworkAccessForIngestion`](#parameter-publicnetworkaccessforingestion) | string | The network access type for accessing Application Insights ingestion. - Enabled or Disabled. |
 | [`publicNetworkAccessForQuery`](#parameter-publicnetworkaccessforquery) | string | The network access type for accessing Application Insights query. - Enabled or Disabled. |
@@ -453,6 +474,22 @@ Resource ID of the diagnostic log analytics workspace. For security reasons, it
 - Required: No
 - Type: string
 
+### Parameter: `disableIpMasking`
+
+Disable IP masking. Default value is set to true.
+
+- Required: No
+- Type: bool
+- Default: `True`
+
+### Parameter: `disableLocalAuth`
+
+Disable Non-AAD based Auth. Default value is set to false.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
 ### Parameter: `enableTelemetry`
 
 Enable/Disable usage telemetry for module.
@@ -461,6 +498,14 @@ Enable/Disable usage telemetry for module.
 - Type: bool
 - Default: `True`
 
+### Parameter: `forceCustomerStorageForProfiler`
+
+Force users to create their own storage account for profiler and debugger.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
 ### Parameter: `kind`
 
 The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone.
@@ -469,6 +514,14 @@ The kind of application that this component refers to, used to customize UI. Thi
 - Type: string
 - Default: `''`
 
+### Parameter: `linkedStorageAccountResourceId`
+
+Linked storage account resource ID.
+
+- Required: No
+- Type: string
+- Default: `''`
+
 ### Parameter: `location`
 
 Location for all Resources.

diff --git a/avm/res/insights/component/linkedStorageAccounts/README.md b/avm/res/insights/component/linkedStorageAccounts/README.md
@@ -0,0 +1,62 @@
+# Application Insights Linked Storage Account `[microsoft.insights/components/linkedStorageAccounts]`
+
+This component deploys an Application Insights Linked Storage Account.
+
+## Navigation
+
+- [Resource Types](#Resource-Types)
+- [Parameters](#Parameters)
+- [Outputs](#Outputs)
+- [Cross-referenced modules](#Cross-referenced-modules)
+- [Data Collection](#Data-Collection)
+
+## Resource Types
+
+| Resource Type | API Version |
+| :-- | :-- |
+| `microsoft.insights/components/linkedStorageAccounts` | [2020-03-01-preview](https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/2020-03-01-preview/components/linkedStorageAccounts) |
+
+## Parameters
+
+**Required parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Linked storage account resource ID. |
+
+**Conditional parameters**
+
+| Parameter | Type | Description |
+| :-- | :-- | :-- |
+| [`appInsightsName`](#parameter-appinsightsname) | string | The name of the parent Application Insights instance. Required if the template is used in a standalone deployment. |
+
+### Parameter: `storageAccountResourceId`
+
+Linked storage account resource ID.
+
+- Required: Yes
+- Type: string
+
+### Parameter: `appInsightsName`
+
+The name of the parent Application Insights instance. Required if the template is used in a standalone deployment.
+
+- Required: Yes
+- Type: string
+
+
+## Outputs
+
+| Output | Type | Description |
+| :-- | :-- | :-- |
+| `name` | string | The name of the Linked Storage Account. |
+| `resourceGroupName` | string | The resource group the agent pool was deployed into. |
+| `resourceId` | string | The resource ID of the Linked Storage Account. |
+
+## Cross-referenced modules
+
+_None_
+
+## Data Collection
+
+The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the [repository](https://aka.ms/avm/telemetry). There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft’s privacy statement. Our privacy statement is located at <https://go.microsoft.com/fwlink/?LinkID=824704>. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
diff --git a/avm/res/insights/component/linkedStorageAccounts/main.bicep b/avm/res/insights/component/linkedStorageAccounts/main.bicep
@@ -0,0 +1,30 @@
+metadata name = 'Application Insights Linked Storage Account'
+metadata description = 'This component deploys an Application Insights Linked Storage Account.'
+metadata owner = 'Azure/module-maintainers'
+
+@description('Conditional. The name of the parent Application Insights instance. Required if the template is used in a standalone deployment.')
+param appInsightsName string
+
+@description('Required. Linked storage account resource ID.')
+param storageAccountResourceId string
+
+resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = {
+  name: appInsightsName
+}
+
+resource linkedStorageAccount 'Microsoft.Insights/components/linkedStorageAccounts@2020-03-01-preview' = {
+  name: 'ServiceProfiler'
+  parent: appInsights
+  properties: {
+    linkedStorageAccount: storageAccountResourceId
+  }
+}
+
+@description('The name of the Linked Storage Account.')
+output name string = linkedStorageAccount.name
+
+@description('The resource ID of the Linked Storage Account.')
+output resourceId string = linkedStorageAccount.id
+
+@description('The resource group the agent pool was deployed into.')
+output resourceGroupName string = resourceGroup().name
diff --git a/avm/res/insights/component/linkedStorageAccounts/main.json b/avm/res/insights/component/linkedStorageAccounts/main.json
@@ -0,0 +1,61 @@
+{
+  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
+  "contentVersion": "1.0.0.0",
+  "metadata": {
+    "_generator": {
+      "name": "bicep",
+      "version": "0.24.24.22086",
+      "templateHash": "15481388144279509267"
+    },
+    "name": "Application Insights Linked Storage Account",
+    "description": "This component deploys an Application Insights Linked Storage Account.",
+    "owner": "Azure/module-maintainers"
+  },
+  "parameters": {
+    "appInsightsName": {
+      "type": "string",
+      "metadata": {
+        "description": "Conditional. The name of the parent Application Insights instance. Required if the template is used in a standalone deployment."
+      }
+    },
+    "storageAccountResourceId": {
+      "type": "string",
+      "metadata": {
+        "description": "Required. Linked storage account resource ID."
+      }
+    }
+  },
+  "resources": [
+    {
+      "type": "microsoft.insights/components/linkedStorageAccounts",
+      "apiVersion": "2020-03-01-preview",
+      "name": "[format('{0}/{1}', parameters('appInsightsName'), 'ServiceProfiler')]",
+      "properties": {
+        "linkedStorageAccount": "[parameters('storageAccountResourceId')]"
+      }
+    }
+  ],
+  "outputs": {
+    "name": {
+      "type": "string",
+      "metadata": {
+        "description": "The name of the Linked Storage Account."
+      },
+      "value": "ServiceProfiler"
+    },
+    "resourceId": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource ID of the Linked Storage Account."
+      },
+      "value": "[resourceId('microsoft.insights/components/linkedStorageAccounts', parameters('appInsightsName'), 'ServiceProfiler')]"
+    },
+    "resourceGroupName": {
+      "type": "string",
+      "metadata": {
+        "description": "The resource group the agent pool was deployed into."
+      },
+      "value": "[resourceGroup().name]"
+    }
+  }
+}
diff --git a/avm/res/insights/component/linkedStorageAccounts/version.json b/avm/res/insights/component/linkedStorageAccounts/version.json
@@ -0,0 +1,7 @@
+{
+  "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
+  "version": "0.2",
+  "pathFilters": [
+    "./main.json"
+  ]
+}
diff --git a/avm/res/insights/component/main.bicep b/avm/res/insights/component/main.bicep
@@ -15,6 +15,18 @@ param applicationType string = 'web'
 @description('Required. Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property.')
 param workspaceResourceId string
 
+@description('Optional. Disable IP masking. Default value is set to true.')
+param disableIpMasking bool = true
+
+@description('Optional. Disable Non-AAD based Auth. Default value is set to false.')
+param disableLocalAuth bool = false
+
+@description('Optional. Force users to create their own storage account for profiler and debugger.')
+param forceCustomerStorageForProfiler bool = false
+
+@description('Optional. Linked storage account resource ID.')
+param linkedStorageAccountResourceId string = ''
+
 @description('Optional. The network access type for accessing Application Insights ingestion. - Enabled or Disabled.')
 @allowed([
   'Enabled'
@@ -99,6 +111,9 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
   kind: kind
   properties: {
     Application_Type: applicationType
+    DisableIpMasking: disableIpMasking
+    DisableLocalAuth: disableLocalAuth
+    ForceCustomerStorageForProfiler: forceCustomerStorageForProfiler
     WorkspaceResourceId: workspaceResourceId
     publicNetworkAccessForIngestion: publicNetworkAccessForIngestion
     publicNetworkAccessForQuery: publicNetworkAccessForQuery
@@ -107,6 +122,14 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' = {
   }
 }
 
+module linkedStorageAccount 'linkedStorageAccounts/main.bicep' = if (!empty(linkedStorageAccountResourceId)) {
+  name: '${uniqueString(deployment().name, location)}-appInsights-linkedStorageAccount'
+  params: {
+    appInsightsName: appInsights.name
+    storageAccountResourceId: linkedStorageAccountResourceId
+  }
+}
+
 resource appInsights_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
   name: guid(appInsights.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
   properties: {