Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #4 from segraef/avm/res/network/application-securi…
Browse files Browse the repository at this point in the history
…ty-group

feat: avm/res/network/application-security-group
segraef authored Dec 21, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
2 parents d1b2e4b + 911c7d4 commit 345e5b6
Showing 10 changed files with 1,107 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .github/CODEOWNERS
This CODEOWNERS file contains errors

CODEOWNERS errors

  • Unknown owner on line 1: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    * @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 1: make sure the team @Azure/bicep-admins exists, is publicly visible, and has write access to the repository
    * @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 2: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    /.github/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 2: make sure the team @Azure/bicep-admins exists, is publicly visible, and has write access to the repository
    /.github/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 3: make sure the team @Azure/bicep-admins exists, is publicly visible, and has write access to the repository
    /scripts/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 3: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    /scripts/ @Azure/bicep-admins @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 4: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    /avm/ @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 5: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    /avm/utilities/ @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 8: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …t-service-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 8: make sure the team @Azure/avm-res-apimanagement-service-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …m/res/api-management/service/ @Azure/avm-res-apimanagement-service-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 19: make sure the team @Azure/avm-res-automation-automationaccount-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …utomation/automation-account/ @Azure/avm-res-automation-automationaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 19: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …onaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 20: make sure the team @Azure/avm-res-batch-batchaccount-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/batch/batch-account/ @Azure/avm-res-batch-batchaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 20: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …chaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 23: make sure the team @Azure/avm-res-cognitiveservices-account-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …s/cognitive-services/account/ @Azure/avm-res-cognitiveservices-account-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 23: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …s-account-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 30: make sure the team @Azure/avm-res-compute-sshpublickey-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …m/res/compute/ssh-public-key/ @Azure/avm-res-compute-sshpublickey-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 30: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …publickey-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 39: make sure the team @Azure/avm-res-datafactory-factory-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …avm/res/data-factory/factory/ @Azure/avm-res-datafactory-factory-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 39: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …y-factory-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 42: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …bleserver-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 42: make sure the team @Azure/avm-res-dbforpostgresql-flexibleserver-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …-postgre-sql/flexible-server/ @Azure/avm-res-dbforpostgresql-flexibleserver-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 50: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …seaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 50: make sure the team @Azure/avm-res-documentdb-databaseaccount-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …document-db/database-account/ @Azure/avm-res-documentdb-databaseaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 51: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …id-domain-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 51: make sure the team @Azure/avm-res-eventgrid-domain-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/event-grid/domain/ @Azure/avm-res-eventgrid-domain-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 52: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …stemtopic-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 52: make sure the team @Azure/avm-res-eventgrid-systemtopic-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …/res/event-grid/system-topic/ @Azure/avm-res-eventgrid-systemtopic-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 53: make sure the team @Azure/avm-res-eventgrid-topic-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/event-grid/topic/ @Azure/avm-res-eventgrid-topic-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 53: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …rid-topic-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 57: make sure the team @Azure/avm-res-insights-actiongroup-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …vm/res/insights/action-group/ @Azure/avm-res-insights-actiongroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 57: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …tiongroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 58: make sure the team @Azure/avm-res-insights-activitylogalert-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …/insights/activity-log-alert/ @Azure/avm-res-insights-activitylogalert-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 58: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ylogalert-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 59: make sure the team @Azure/avm-res-insights-component-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/insights/component/ @Azure/avm-res-insights-component-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 59: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …component-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 60: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …nendpoint-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 60: make sure the team @Azure/avm-res-insights-datacollectionendpoint-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …hts/data-collection-endpoint/ @Azure/avm-res-insights-datacollectionendpoint-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 61: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ctionrule-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 61: make sure the team @Azure/avm-res-insights-datacollectionrule-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …nsights/data-collection-rule/ @Azure/avm-res-insights-datacollectionrule-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 62: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …icsetting-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 62: make sure the team @Azure/avm-res-insights-diagnosticsetting-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …/insights/diagnostic-setting/ @Azure/avm-res-insights-diagnosticsetting-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 63: make sure the team @Azure/avm-res-insights-metricalert-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …vm/res/insights/metric-alert/ @Azure/avm-res-insights-metricalert-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 63: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …tricalert-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 65: make sure the team @Azure/avm-res-insights-scheduledqueryrule-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …nsights/scheduled-query-rule/ @Azure/avm-res-insights-scheduledqueryrule-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 65: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …queryrule-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 66: make sure the team @Azure/avm-res-insights-webtest-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/insights/webtest/ @Azure/avm-res-insights-webtest-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 66: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …s-webtest-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 67: make sure the team @Azure/avm-res-keyvault-vault-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/key-vault/vault/ @Azure/avm-res-keyvault-vault-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 67: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ult-vault-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 68: make sure the team @Azure/avm-res-kubernetesconfiguration-extension-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …etes-configuration/extension/ @Azure/avm-res-kubernetesconfiguration-extension-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 68: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …extension-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 69: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …iguration-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 69: make sure the team @Azure/avm-res-kubernetesconfiguration-fluxconfiguration-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …iguration/flux-configuration/ @Azure/avm-res-kubernetesconfiguration-fluxconfiguration-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 71: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …-workflow-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 71: make sure the team @Azure/avm-res-logic-workflow-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/logic/workflow/ @Azure/avm-res-logic-workflow-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 73: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …iguration-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 73: make sure the team @Azure/avm-res-maintenance-maintenanceconfiguration-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …ce/maintenance-configuration/ @Azure/avm-res-maintenance-maintenanceconfiguration-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 74: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …didentity-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 74: make sure the team @Azure/avm-res-managedidentity-userassignedidentity-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …ntity/user-assigned-identity/ @Azure/avm-res-managedidentity-userassignedidentity-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 80: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 80: make sure the team @Azure/avm-res-network-applicationsecuritygroup-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …k/application-security-group/ @Azure/avm-res-network-applicationsecuritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 82: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …stionhost-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 82: make sure the team @Azure/avm-res-network-bastionhost-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …avm/res/network/bastion-host/ @Azure/avm-res-network-bastionhost-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 84: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ctionplan-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 84: make sure the team @Azure/avm-res-network-ddosprotectionplan-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …network/ddos-protection-plan/ @Azure/avm-res-network-ddosprotectionplan-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 85: make sure the team @Azure/avm-res-network-dnsforwardingruleset-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …twork/dns-forwarding-ruleset/ @Azure/avm-res-network-dnsforwardingruleset-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 85: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ngruleset-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 86: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …sresolver-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 86: make sure the team @Azure/avm-res-network-dnsresolver-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …avm/res/network/dns-resolver/ @Azure/avm-res-network-dnsresolver-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 87: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …k-dnszone-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 87: make sure the team @Azure/avm-res-network-dnszone-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/network/dns-zone/ @Azure/avm-res-network-dnszone-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 88: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …tecircuit-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 88: make sure the team @Azure/avm-res-network-expressroutecircuit-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …etwork/express-route-circuit/ @Azure/avm-res-network-expressroutecircuit-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 89: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …tegateway-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 89: make sure the team @Azure/avm-res-network-expressroutegateway-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …etwork/express-route-gateway/ @Azure/avm-res-network-expressroutegateway-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 94: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …dbalancer-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 94: make sure the team @Azure/avm-res-network-loadbalancer-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …vm/res/network/load-balancer/ @Azure/avm-res-network-loadbalancer-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 97: make sure the team @Azure/avm-res-network-networkinterface-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …es/network/network-interface/ @Azure/avm-res-network-networkinterface-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 97: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …interface-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 99: make sure the team @Azure/avm-res-network-networksecuritygroup-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …twork/network-security-group/ @Azure/avm-res-network-networksecuritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 99: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 101: make sure the team @Azure/avm-res-network-privatednszone-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …res/network/private-dns-zone/ @Azure/avm-res-network-privatednszone-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 101: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …tednszone-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 102: make sure the team @Azure/avm-res-network-privateendpoint-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …res/network/private-endpoint/ @Azure/avm-res-network-privateendpoint-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 102: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …eendpoint-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 104: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ipaddress-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 104: make sure the team @Azure/avm-res-network-publicipaddress-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …es/network/public-ip-address/ @Azure/avm-res-network-publicipaddress-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 105: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …cipprefix-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 105: make sure the team @Azure/avm-res-network-publicipprefix-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …res/network/public-ip-prefix/ @Azure/avm-res-network-publicipprefix-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 106: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …outetable-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 106: make sure the team @Azure/avm-res-network-routetable-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/network/route-table/ @Azure/avm-res-network-routetable-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 108: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …erprofile-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 108: make sure the team @Azure/avm-res-network-trafficmanagerprofile-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …etwork/trafficmanagerprofile/ @Azure/avm-res-network-trafficmanagerprofile-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 110: make sure the team @Azure/avm-res-network-virtualnetwork-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …/res/network/virtual-network/ @Azure/avm-res-network-virtualnetwork-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 110: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …alnetwork-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 115: make sure the team @Azure/avm-res-operationalinsights-workspace-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …erational-insights/workspace/ @Azure/avm-res-operationalinsights-workspace-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 115: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …workspace-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 116: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …-solution-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 116: make sure the team @Azure/avm-res-operationsmanagement-solution-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …erations-management/solution/ @Azure/avm-res-operationsmanagement-solution-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 118: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …-capacity-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 118: make sure the team @Azure/avm-res-powerbidedicated-capacity-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …/power-bi-dedicated/capacity/ @Azure/avm-res-powerbidedicated-capacity-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 122: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …aph-query-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 122: make sure the team @Azure/avm-res-resourcegraph-query-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …avm/res/resource-graph/query/ @Azure/avm-res-resourcegraph-query-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 123: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …entscript-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 123: make sure the team @Azure/avm-res-resources-deploymentscript-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …/resources/deployment-script/ @Azure/avm-res-resources-deploymentscript-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 124: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …urcegroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 124: make sure the team @Azure/avm-res-resources-resourcegroup-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …res/resources/resource-group/ @Azure/avm-res-resources-resourcegroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 126: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …chservice-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 126: make sure the team @Azure/avm-res-search-searchservice-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …vm/res/search/search-service/ @Azure/avm-res-search-searchservice-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 127: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 127: make sure the team @Azure/avm-res-servicebus-namespace-module-owners-bicep exists, is publicly visible, and has write access to the repository
    …vm/res/service-bus/namespace/ @Azure/avm-res-servicebus-namespace-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 132: make sure the team @Azure/avm-res-sql-server-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/sql/server/ @Azure/avm-res-sql-server-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 132: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …ql-server-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 139: make sure the team @Azure/avm-core-team-technical-bicep exists, is publicly visible, and has write access to the repository
    …erverfarm-module-owners-bicep @Azure/avm-core-team-technical-bicep
  • Unknown owner on line 139: make sure the team @Azure/avm-res-web-serverfarm-module-owners-bicep exists, is publicly visible, and has write access to the repository
    /avm/res/web/serverfarm/ @Azure/avm-res-web-serverfarm-module-owners-bicep @Azure/avm-core-team-technical-bicep
Original file line number Diff line number Diff line change
@@ -77,7 +77,7 @@
#/avm/res/net-app/net-app-account/ @Azure/avm-res-netapp-netappaccount-module-owners-bicep @Azure/avm-core-team-technical-bicep
#/avm/res/network/application-gateway/ @Azure/avm-res-network-applicationgateway-module-owners-bicep @Azure/avm-core-team-technical-bicep
#/avm/res/network/application-gateway-web-application-firewall-policy/ @Azure/avm-res-network-applicationgatewaywebapplicationfirewallpolicy-module-owners-bicep @Azure/avm-core-team-technical-bicep
#/avm/res/network/application-security-group/ @Azure/avm-res-network-applicationsecuritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
/avm/res/network/application-security-group/ @Azure/avm-res-network-applicationsecuritygroup-module-owners-bicep @Azure/avm-core-team-technical-bicep
#/avm/res/network/azure-firewall/ @Azure/avm-res-network-azurefirewall-module-owners-bicep @Azure/avm-core-team-technical-bicep
/avm/res/network/bastion-host/ @Azure/avm-res-network-bastionhost-module-owners-bicep @Azure/avm-core-team-technical-bicep
#/avm/res/network/connection/ @Azure/avm-res-network-connection-module-owners-bicep @Azure/avm-core-team-technical-bicep
83 changes: 83 additions & 0 deletions .github/workflows/avm.res.network.application-security-group.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
name: "avm.res.network.application-security-group"

on:
schedule:
- cron: "0 12 1/15 * *" # Bi-Weekly Test (on 1st & 15th of month)
workflow_dispatch:
inputs:
staticValidation:
type: boolean
description: "Execute static validation"
required: false
default: true
deploymentValidation:
type: boolean
description: "Execute deployment validation"
required: false
default: true
removeDeployment:
type: boolean
description: "Remove deployed module"
required: false
default: true

push:
branches:
- main
paths:
- ".github/actions/templates/avm-**"
- ".github/workflows/avm.template.module.yml"
- ".github/workflows/avm.res.network.application-security-group.yml"
- "avm/res/network/application-security-group/**"
- "avm/utilities/pipelines/**"
- "!*/**/README.md"

env:
modulePath: "avm/res/network/application-security-group"
workflowPath: ".github/workflows/avm.res.network.application-security-group.yml"

concurrency:
group: ${{ github.workflow }}

jobs:
###########################
# Initialize pipeline #
###########################
job_initialize_pipeline:
runs-on: ubuntu-20.04
name: "Initialize pipeline"
steps:
- name: "Checkout"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Set input parameters to output variables"
id: get-workflow-param
uses: ./.github/actions/templates/avm-getWorkflowInput
with:
workflowPath: "${{ env.workflowPath}}"
- name: "Get module test file paths"
id: get-module-test-file-paths
uses: ./.github/actions/templates/avm-getModuleTestFiles
with:
modulePath: "${{ env.modulePath }}"
outputs:
workflowInput: ${{ steps.get-workflow-param.outputs.workflowInput }}
moduleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.moduleTestFilePaths }}
psRuleModuleTestFilePaths: ${{ steps.get-module-test-file-paths.outputs.psRuleModuleTestFilePaths }}
modulePath: "${{ env.modulePath }}"

##############################
# Call reusable workflow #
##############################
call-workflow-passing-data:
name: "Run"
needs:
- job_initialize_pipeline
uses: ./.github/workflows/avm.template.module.yml
with:
workflowInput: "${{ needs.job_initialize_pipeline.outputs.workflowInput }}"
moduleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.moduleTestFilePaths }}"
psRuleModuleTestFilePaths: "${{ needs.job_initialize_pipeline.outputs.psRuleModuleTestFilePaths }}"
modulePath: "${{ needs.job_initialize_pipeline.outputs.modulePath}}"
secrets: inherit
443 changes: 443 additions & 0 deletions avm/res/network/application-security-group/README.md

Large diffs are not rendered by default.

124 changes: 124 additions & 0 deletions avm/res/network/application-security-group/main.bicep
Original file line number Diff line number Diff line change
@@ -0,0 +1,124 @@
metadata name = 'Application Security Groups (ASG)'
metadata description = 'This module deploys an Application Security Group (ASG).'
metadata owner = 'Azure/module-maintainers'

@description('Required. Name of the Application Security Group.')
param name string

@description('Optional. Location for all resources.')
param location string = resourceGroup().location

@description('Optional. The lock settings of the service.')
param lock lockType

@description('Optional. Array of role assignments to create.')
param roleAssignments roleAssignmentType

@description('Optional. Tags of the resource.')
param tags object?

@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
param enableTelemetry bool = true

var builtInRoleNames = {
Contributor: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
Owner: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
Reader: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
'Role Based Access Control Administrator (Preview)': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')
'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
}

resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) {
name: '46d3xbcp.res.network-applicationsecuritygroup.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}'
properties: {
mode: 'Incremental'
template: {
'$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
contentVersion: '1.0.0.0'
resources: []
outputs: {
telemetry: {
type: 'String'
value: 'For more information, see https://aka.ms/avm/TelemetryInfo'
}
}
}
}
}

resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2023-04-01' = {
name: name
location: location
tags: tags
properties: {}
}

resource applicationSecurityGroup_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!empty(lock ?? {}) && lock.?kind != 'None') {
name: lock.?name ?? 'lock-${name}'
properties: {
level: lock.?kind ?? ''
notes: lock.?kind == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot delete or modify the resource or child resources.'
}
scope: applicationSecurityGroup
}

resource applicationSecurityGroup_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for (roleAssignment, index) in (roleAssignments ?? []): {
name: guid(applicationSecurityGroup.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName)
properties: {
roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') ? roleAssignment.roleDefinitionIdOrName : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)
principalId: roleAssignment.principalId
description: roleAssignment.?description
principalType: roleAssignment.?principalType
condition: roleAssignment.?condition
conditionVersion: !empty(roleAssignment.?condition) ? (roleAssignment.?conditionVersion ?? '2.0') : null // Must only be set if condtion is set
delegatedManagedIdentityResourceId: roleAssignment.?delegatedManagedIdentityResourceId
}
scope: applicationSecurityGroup
}]

@description('The resource group the application security group was deployed into.')
output resourceGroupName string = resourceGroup().name

@description('The resource ID of the application security group.')
output resourceId string = applicationSecurityGroup.id

@description('The name of the application security group.')
output name string = applicationSecurityGroup.name

@description('The location the resource was deployed into.')
output location string = applicationSecurityGroup.location

// =============== //
// Definitions //
// =============== //

type lockType = {
@description('Optional. Specify the name of lock.')
name: string?

@description('Optional. Specify the type of lock.')
kind: ('CanNotDelete' | 'ReadOnly' | 'None')?
}?

type roleAssignmentType = {
@description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
roleDefinitionIdOrName: string

@description('Required. The principal ID of the principal (user/group/identity) to assign the role to.')
principalId: string

@description('Optional. The principal type of the assigned principal ID.')
principalType: ('ServicePrincipal' | 'Group' | 'User' | 'ForeignGroup' | 'Device')?

@description('Optional. The description of the role assignment.')
description: string?

@description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container".')
condition: string?

@description('Optional. Version of the condition.')
conditionVersion: '2.0'?

@description('Optional. The Resource Id of the delegated managed identity resource.')
delegatedManagedIdentityResourceId: string?
}[]?
254 changes: 254 additions & 0 deletions avm/res/network/application-security-group/main.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,254 @@
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"languageVersion": "2.0",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.23.1.45101",
"templateHash": "7585363260345918497"
},
"name": "Application Security Groups (ASG)",
"description": "This module deploys an Application Security Group (ASG).",
"owner": "Azure/module-maintainers"
},
"definitions": {
"lockType": {
"type": "object",
"properties": {
"name": {
"type": "string",
"nullable": true,
"metadata": {
"description": "Optional. Specify the name of lock."
}
},
"kind": {
"type": "string",
"allowedValues": [
"CanNotDelete",
"None",
"ReadOnly"
],
"nullable": true,
"metadata": {
"description": "Optional. Specify the type of lock."
}
}
},
"nullable": true
},
"roleAssignmentType": {
"type": "array",
"items": {
"type": "object",
"properties": {
"roleDefinitionIdOrName": {
"type": "string",
"metadata": {
"description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'."
}
},
"principalId": {
"type": "string",
"metadata": {
"description": "Required. The principal ID of the principal (user/group/identity) to assign the role to."
}
},
"principalType": {
"type": "string",
"allowedValues": [
"Device",
"ForeignGroup",
"Group",
"ServicePrincipal",
"User"
],
"nullable": true,
"metadata": {
"description": "Optional. The principal type of the assigned principal ID."
}
},
"description": {
"type": "string",
"nullable": true,
"metadata": {
"description": "Optional. The description of the role assignment."
}
},
"condition": {
"type": "string",
"nullable": true,
"metadata": {
"description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"."
}
},
"conditionVersion": {
"type": "string",
"allowedValues": [
"2.0"
],
"nullable": true,
"metadata": {
"description": "Optional. Version of the condition."
}
},
"delegatedManagedIdentityResourceId": {
"type": "string",
"nullable": true,
"metadata": {
"description": "Optional. The Resource Id of the delegated managed identity resource."
}
}
}
},
"nullable": true
}
},
"parameters": {
"name": {
"type": "string",
"metadata": {
"description": "Required. Name of the Application Security Group."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Optional. Location for all resources."
}
},
"lock": {
"$ref": "#/definitions/lockType",
"metadata": {
"description": "Optional. The lock settings of the service."
}
},
"roleAssignments": {
"$ref": "#/definitions/roleAssignmentType",
"metadata": {
"description": "Optional. Array of role assignments to create."
}
},
"tags": {
"type": "object",
"nullable": true,
"metadata": {
"description": "Optional. Tags of the resource."
}
},
"enableTelemetry": {
"type": "bool",
"defaultValue": true,
"metadata": {
"description": "Optional. Enable telemetry via a Globally Unique Identifier (GUID)."
}
}
},
"variables": {
"builtInRoleNames": {
"Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]",
"Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]",
"Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]",
"Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]",
"User Access Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')]"
}
},
"resources": {
"avmTelemetry": {
"condition": "[parameters('enableTelemetry')]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2023-07-01",
"name": "[format('46d3xbcp.res.network-applicationsecuritygroup.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]",
"properties": {
"mode": "Incremental",
"template": {
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [],
"outputs": {
"telemetry": {
"type": "String",
"value": "For more information, see https://aka.ms/avm/TelemetryInfo"
}
}
}
}
},
"applicationSecurityGroup": {
"type": "Microsoft.Network/applicationSecurityGroups",
"apiVersion": "2023-04-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"tags": "[parameters('tags')]",
"properties": {}
},
"applicationSecurityGroup_lock": {
"condition": "[and(not(empty(coalesce(parameters('lock'), createObject()))), not(equals(tryGet(parameters('lock'), 'kind'), 'None')))]",
"type": "Microsoft.Authorization/locks",
"apiVersion": "2020-05-01",
"scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]",
"name": "[coalesce(tryGet(parameters('lock'), 'name'), format('lock-{0}', parameters('name')))]",
"properties": {
"level": "[coalesce(tryGet(parameters('lock'), 'kind'), '')]",
"notes": "[if(equals(tryGet(parameters('lock'), 'kind'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot delete or modify the resource or child resources.')]"
},
"dependsOn": [
"applicationSecurityGroup"
]
},
"applicationSecurityGroup_roleAssignments": {
"copy": {
"name": "applicationSecurityGroup_roleAssignments",
"count": "[length(coalesce(parameters('roleAssignments'), createArray()))]"
},
"type": "Microsoft.Authorization/roleAssignments",
"apiVersion": "2022-04-01",
"scope": "[format('Microsoft.Network/applicationSecurityGroups/{0}', parameters('name'))]",
"name": "[guid(resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]",
"properties": {
"roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]",
"principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]",
"description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]",
"principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]",
"condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]",
"conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]",
"delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]"
},
"dependsOn": [
"applicationSecurityGroup"
]
}
},
"outputs": {
"resourceGroupName": {
"type": "string",
"metadata": {
"description": "The resource group the application security group was deployed into."
},
"value": "[resourceGroup().name]"
},
"resourceId": {
"type": "string",
"metadata": {
"description": "The resource ID of the application security group."
},
"value": "[resourceId('Microsoft.Network/applicationSecurityGroups', parameters('name'))]"
},
"name": {
"type": "string",
"metadata": {
"description": "The name of the application security group."
},
"value": "[parameters('name')]"
},
"location": {
"type": "string",
"metadata": {
"description": "The location the resource was deployed into."
},
"value": "[reference('applicationSecurityGroup', '2023-04-01', 'full').location]"
}
}
}
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
targetScope = 'subscription'

metadata name = 'Using only defaults'
metadata description = 'This instance deploys the module with the minimum set of required parameters.'

// ========== //
// Parameters //
// ========== //

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
param resourceGroupName string = 'dep-${namePrefix}-network.applicationsecuritygroups-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param location string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'nasgmin'

@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// ============ //
// Dependencies //
// ============ //

// General resources
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: resourceGroupName
location: location
}

// ============== //
// Test Execution //
// ============== //

@batchSize(1)
module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
params: {
name: '${namePrefix}${serviceShort}001'
location: location
}
}]
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
@description('Optional. The location to deploy to.')
param location string = resourceGroup().location

@description('Required. The name of the Managed Identity to create.')
param managedIdentityName string

resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
name: managedIdentityName
location: location
}

@description('The principal ID of the created Managed Identity.')
output managedIdentityPrincipalId string = managedIdentity.properties.principalId
Original file line number Diff line number Diff line change
@@ -0,0 +1,81 @@
targetScope = 'subscription'

metadata name = 'Using large parameter set'
metadata description = 'This instance deploys the module with most of its features enabled.'

// ========== //
// Parameters //
// ========== //

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
param resourceGroupName string = 'dep-${namePrefix}-network.applicationsecuritygroups-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param location string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'nasgmax'

@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// ============ //
// Dependencies //
// ============ //

// General resources
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: resourceGroupName
location: location
}

module nestedDependencies 'dependencies.bicep' = {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-nestedDependencies'
params: {
managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
location: location
}
}

// ============== //
// Test Execution //
// ============== //

@batchSize(1)
module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
params: {
name: '${namePrefix}${serviceShort}001'
location: location
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
roleAssignments: [
{
roleDefinitionIdOrName: 'Owner'
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
}
{
roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c'
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
}
{
roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
principalId: nestedDependencies.outputs.managedIdentityPrincipalId
principalType: 'ServicePrincipal'
}
]
tags: {
'hidden-title': 'This is visible in the resource name'
Environment: 'Non-Prod'
Role: 'DeploymentValidation'
}
}
}]
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
targetScope = 'subscription'

metadata name = 'WAF-aligned'
metadata description = 'This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework.'

// ========== //
// Parameters //
// ========== //

@description('Optional. The name of the resource group to deploy for testing purposes.')
@maxLength(90)
param resourceGroupName string = 'dep-${namePrefix}-network.applicationsecuritygroups-${serviceShort}-rg'

@description('Optional. The location to deploy resources to.')
param location string = deployment().location

@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
param serviceShort string = 'nasgwaf'

@description('Optional. A token to inject into the name of each resource.')
param namePrefix string = '#_namePrefix_#'

// ============ //
// Dependencies //
// ============ //

// General resources
// =================
resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
name: resourceGroupName
location: location
}

// ============== //
// Test Execution //
// ============== //

@batchSize(1)
module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: {
scope: resourceGroup
name: '${uniqueString(deployment().name, location)}-test-${serviceShort}-${iteration}'
params: {
name: '${namePrefix}${serviceShort}001'
location: location
lock: {
kind: 'CanNotDelete'
name: 'myCustomLockName'
}
tags: {
'hidden-title': 'This is visible in the resource name'
Environment: 'Non-Prod'
Role: 'DeploymentValidation'
}
}
}]
7 changes: 7 additions & 0 deletions avm/res/network/application-security-group/version.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
{
"$schema": "https://aka.ms/bicep-registry-module-version-file-schema#",
"version": "0.1",
"pathFilters": [
"./main.json"
]
}

0 comments on commit 345e5b6

Please sign in to comment.