From 371655b37d4403d3e6251a11888b67ad1f171c55 Mon Sep 17 00:00:00 2001
From: Alexander Sehr
Date: Sun, 19 Nov 2023 20:00:56 +0100
Subject: [PATCH] [Fixes] Regenerated docs via WSL to resolve static tests issue (#4261)
* Regenerated docs via wsl
* Updated VNET
* Fixed reference bug
* ReadMe update
---
modules/app/job/README.md | 1626 ++++++++---------
modules/app/job/tests/e2e/max/main.test.bicep | 2 +-
.../job/tests/e2e/waf-aligned/main.test.bicep | 7 -
modules/network/virtual-network/main.json | 16 +-
.../network/virtual-network/subnet/README.md | 512 +++---
.../network/virtual-network/subnet/main.json | 4 +-
.../virtual-network-peering/main.json | 4 +-
7 files changed, 1074 insertions(+), 1097 deletions(-)
diff --git a/modules/app/job/README.md b/modules/app/job/README.md
index 9b55693da6..c1201754ba 100644
@@ -1,821 +1,805 @@ -# Container App Jobs `[Microsoft.App/jobs]` - -This module deploys a Container App Job. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Usage examples](#Usage-examples) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) | -| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | - -## Usage examples - -The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. - ->**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - ->**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`. - -- [Using only defaults](#example-1-using-only-defaults) -- [Using large parameter set](#example-2-using-large-parameter-set) -- [WAF-aligned](#example-3-waf-aligned) - -### Example 1: _Using only defaults_ - -This instance deploys the module with the minimum set of required parameters. - - -
- -via Bicep module - -```bicep -module job 'br:bicep/modules/app.job:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-ajmin' - params: { - // Required parameters - containers: [ - { - image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' - name: 'simple-hello-world-container' - resources: { - cpu: '' - memory: '0.5Gi' - } - } - ] - environmentId: '' - name: 'ajmin001' - triggerType: 'Manual' - // Non-required parameters - enableDefaultTelemetry: '' - location: '' - manualTriggerConfig: { - parallelism: 1 - replicaCompletionCount: 1 - } - tags: { - Env: 'test' - 'hidden-title': 'This is visible in the resource name' - } - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "containers": { - "value": [ - { - "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest", - "name": "simple-hello-world-container", - "resources": { - "cpu": "", - "memory": "0.5Gi" - } - } - ] - }, - "environmentId": { - "value": "" - }, - "name": { - "value": "ajmin001" - }, - "triggerType": { - "value": "Manual" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "location": { - "value": "" - }, - "manualTriggerConfig": { - "value": { - "parallelism": 1, - "replicaCompletionCount": 1 - } - }, - "tags": { - "value": { - "Env": "test", - "hidden-title": "This is visible in the resource name" - } - } - } -} -``` - -
-

- -### Example 2: _Using large parameter set_ - -This instance deploys the module with most of its features enabled. - - -

- -via Bicep module - -```bicep -module job 'br:bicep/modules/app.job:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-ajmax' - params: { - // Required parameters - containers: [ - { - image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' - name: 'simple-hello-world-container' - probes: [ - { - httpGet: { - httpHeaders: [ - { - name: 'Custom-Header' - value: 'Awesome' - } - ] - path: '/health' - port: 8080 - } - initialDelaySeconds: 3 - periodSeconds: 3 - type: 'Liveness' - } - ] - resources: { - cpu: '' - memory: '0.5Gi' - } - } - ] - environmentId: '' - name: 'ajmax001' - triggerType: 'Manual' - // Non-required parameters - enableDefaultTelemetry: '' - location: '' - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' - } - managedIdentities: { - systemAssigned: true - userAssignedResourceIds: [ - '' - ] - } - manualTriggerConfig: { - parallelism: 1 - replicaCompletionCount: 1 - } - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'ContainerApp Reader' - } - ] - secrets: { - secureList: [ - { - name: 'customtest' - value: '' - } - ] - } - tags: { - Env: 'test' - 'hidden-title': 'This is visible in the resource name' - } - workloadProfileName: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "containers": { - "value": [ - { - "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest", - "name": "simple-hello-world-container", - "probes": [ - { - "httpGet": { - "httpHeaders": [ - { - "name": "Custom-Header", - "value": "Awesome" - } - ], - "path": "/health", - "port": 8080 - }, - "initialDelaySeconds": 3, - "periodSeconds": 3, - "type": "Liveness" - } - ], - "resources": { - "cpu": "", - "memory": "0.5Gi" - } - } - ] - }, - "environmentId": { - "value": "" - }, - "name": { - "value": "ajmax001" - }, - "triggerType": { - "value": "Manual" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "location": { - "value": "" - }, - "lock": { - "value": { - "kind": "CanNotDelete", - "name": "myCustomLockName" - } - }, - "managedIdentities": { - "value": { - "systemAssigned": true, - "userAssignedResourceIds": [ - "" - ] - } - }, - "manualTriggerConfig": { - "value": { - "parallelism": 1, - "replicaCompletionCount": 1 - } - }, - "roleAssignments": { - "value": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "ContainerApp Reader" - } - ] - }, - "secrets": { - "value": { - "secureList": [ - { - "name": "customtest", - "value": "" - } - ] - } - }, - "tags": { - "value": { - "Env": "test", - "hidden-title": "This is visible in the resource name" - } - }, - "workloadProfileName": { - "value": "" - } - } -} -``` - -
-

- -### Example 3: _WAF-aligned_ - -This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. - - -

- -via Bicep module - -```bicep -module job 'br:bicep/modules/app.job:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-ajwaf' - params: { - // Required parameters - containers: [ - { - image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' - name: 'simple-hello-world-container' - probes: [ - { - httpGet: { - httpHeaders: [ - { - name: 'Custom-Header' - value: 'Awesome' - } - ] - path: '/health' - port: 8080 - } - initialDelaySeconds: 3 - periodSeconds: 3 - type: 'Liveness' - } - ] - resources: { - cpu: '' - memory: '0.5Gi' - } - } - ] - environmentId: '' - name: 'ajwaf001' - triggerType: 'Manual' - // Non-required parameters - enableDefaultTelemetry: '' - location: '' - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' - } - managedIdentities: { - systemAssigned: true - userAssignedResourceIds: [ - '' - ] - } - manualTriggerConfig: { - parallelism: 1 - replicaCompletionCount: 1 - } - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'ContainerApp Reader' - } - ] - secrets: { - secureList: [ - { - name: 'customtest' - value: '' - } - ] - } - tags: { - Env: 'test' - 'hidden-title': 'This is visible in the resource name' - } - workloadProfileName: '' - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "containers": { - "value": [ - { - "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest", - "name": "simple-hello-world-container", - "probes": [ - { - "httpGet": { - "httpHeaders": [ - { - "name": "Custom-Header", - "value": "Awesome" - } - ], - "path": "/health", - "port": 8080 - }, - "initialDelaySeconds": 3, - "periodSeconds": 3, - "type": "Liveness" - } - ], - "resources": { - "cpu": "", - "memory": "0.5Gi" - } - } - ] - }, - "environmentId": { - "value": "" - }, - "name": { - "value": "ajwaf001" - }, - "triggerType": { - "value": "Manual" - }, - // Non-required parameters - "enableDefaultTelemetry": { - "value": "" - }, - "location": { - "value": "" - }, - "lock": { - "value": { - "kind": "CanNotDelete", - "name": "myCustomLockName" - } - }, - "managedIdentities": { - "value": { - "systemAssigned": true, - "userAssignedResourceIds": [ - "" - ] - } - }, - "manualTriggerConfig": { - "value": { - "parallelism": 1, - "replicaCompletionCount": 1 - } - }, - "roleAssignments": { - "value": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "ContainerApp Reader" - } - ] - }, - "secrets": { - "value": { - "secureList": [ - { - "name": "customtest", - "value": "" - } - ] - } - }, - "tags": { - "value": { - "Env": "test", - "hidden-title": "This is visible in the resource name" - } - }, - "workloadProfileName": { - "value": "" - } - } -} -``` - -
-

- - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. | -| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. | -| [`name`](#parameter-name) | string | Name of the Container App. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. | -| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. | -| [`location`](#parameter-location) | string | Location for all Resources. | -| [`lock`](#parameter-lock) | object | The lock settings of the service. | -| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | -| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. | -| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. | -| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. | -| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. | -| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. 
| -| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. | -| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. | -| [`tags`](#parameter-tags) | object | Tags of the resource. | -| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. | -| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. | -| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. | - -### Parameter: `containers` - -List of container definitions for the Container App. -- Required: Yes -- Type: array - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `environmentId` - -Resource ID of environment. -- Required: Yes -- Type: string - -### Parameter: `eventTriggerConfig` - -Required if TriggerType is Event. Configuration of an event driven job. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `initContainersTemplate` - -List of specialized containers that run before app containers. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `location` - -Location for all Resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - -### Parameter: `lock` - -The lock settings of the service. -- Required: No -- Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | - -### Parameter: `lock.kind` - -Optional. Specify the type of lock. - -- Required: No -- Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` - -### Parameter: `lock.name` - -Optional. Specify the name of lock. 
- -- Required: No -- Type: string - -### Parameter: `managedIdentities` - -The managed identity definition for this resource. -- Required: No -- Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | - -### Parameter: `managedIdentities.systemAssigned` - -Optional. Enables system assigned managed identity on the resource. - -- Required: No -- Type: bool - -### Parameter: `managedIdentities.userAssignedResourceIds` - -Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. - -- Required: No -- Type: array - -### Parameter: `manualTriggerConfig` - -Required if TriggerType is Manual. Configuration of a manual job. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `name` - -Name of the Container App. -- Required: Yes -- Type: string - -### Parameter: `registries` - -Collection of private container registry credentials for containers used by the Container app. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `replicaRetryLimit` - -The maximum number of times a replica can be retried. -- Required: No -- Type: int -- Default: `0` - -### Parameter: `replicaTimeout` - -Maximum number of seconds a replica is allowed to run. -- Required: No -- Type: int -- Default: `1800` - -### Parameter: `roleAssignments` - -Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. 
-- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource ID of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | - -### Parameter: `roleAssignments.condition` - -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - -- Required: No -- Type: string - -### Parameter: `roleAssignments.conditionVersion` - -Optional. Version of the condition. - -- Required: No -- Type: string -- Allowed: `[2.0]` - -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` - -Optional. The Resource ID of the delegated managed identity resource. 
- -- Required: No -- Type: string - -### Parameter: `roleAssignments.description` - -Optional. The description of the role assignment. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.principalId` - -Required. The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.principalType` - -Optional. The principal type of the assigned principal ID. - -- Required: No -- Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` - -### Parameter: `roleAssignments.roleDefinitionIdOrName` - -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. - -- Required: Yes -- Type: string - -### Parameter: `scheduleTriggerConfig` - -Required if TriggerType is Schedule. Configuration of a schedule based job. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `secrets` - -The secrets of the Container App. -- Required: No -- Type: secureObject -- Default: `{}` - -### Parameter: `tags` - -Tags of the resource. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `triggerType` - -Trigger type of the job. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Event' - 'Manual' - 'Schedule' - ] - ``` - -### Parameter: `volumes` - -List of volume definitions for the Container App. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `workloadProfileName` - -The name of the workload profile to use. -- Required: No -- Type: string -- Default: `'Consumption'` - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Container App Job. | -| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. | -| `resourceId` | string | The resource ID of the Container App Job. 
| -| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules - -_None_ +# Container App Jobs `[Microsoft.App/jobs]` + +This module deploys a Container App Job. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.App/jobs` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-05-01/jobs) | +| `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | + +## Usage examples + +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. + +>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. + +>**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.job:1.0.0`. + +- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) +- [WAF-aligned](#example-3-waf-aligned) + +### Example 1: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. + + +

+ +via Bicep module + +```bicep +module job 'br:bicep/modules/app.job:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-ajmin' + params: { + // Required parameters + containers: [ + { + image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' + name: 'simple-hello-world-container' + resources: { + cpu: '' + memory: '0.5Gi' + } + } + ] + environmentId: '' + name: 'ajmin001' + triggerType: 'Manual' + // Non-required parameters + enableDefaultTelemetry: '' + location: '' + manualTriggerConfig: { + parallelism: 1 + replicaCompletionCount: 1 + } + tags: { + Env: 'test' + 'hidden-title': 'This is visible in the resource name' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "containers": { + "value": [ + { + "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest", + "name": "simple-hello-world-container", + "resources": { + "cpu": "", + "memory": "0.5Gi" + } + } + ] + }, + "environmentId": { + "value": "" + }, + "name": { + "value": "ajmin001" + }, + "triggerType": { + "value": "Manual" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "location": { + "value": "" + }, + "manualTriggerConfig": { + "value": { + "parallelism": 1, + "replicaCompletionCount": 1 + } + }, + "tags": { + "value": { + "Env": "test", + "hidden-title": "This is visible in the resource name" + } + } + } +} +``` + +
+

+ +### Example 2: _Using large parameter set_ + +This instance deploys the module with most of its features enabled. + + +

+ +via Bicep module + +```bicep +module job 'br:bicep/modules/app.job:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-ajmax' + params: { + // Required parameters + containers: [ + { + image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' + name: 'simple-hello-world-container' + probes: [ + { + httpGet: { + httpHeaders: [ + { + name: 'Custom-Header' + value: 'Awesome' + } + ] + path: '/health' + port: 8080 + } + initialDelaySeconds: 3 + periodSeconds: 3 + type: 'Liveness' + } + ] + resources: { + cpu: '' + memory: '0.5Gi' + } + } + ] + environmentId: '' + name: 'ajmax001' + triggerType: 'Manual' + // Non-required parameters + enableDefaultTelemetry: '' + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + '' + ] + } + manualTriggerConfig: { + parallelism: 1 + replicaCompletionCount: 1 + } + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'ContainerApp Reader' + } + ] + secrets: { + secureList: [ + { + name: 'customtest' + value: '' + } + ] + } + tags: { + Env: 'test' + 'hidden-title': 'This is visible in the resource name' + } + workloadProfileName: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "containers": { + "value": [ + { + "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest", + "name": "simple-hello-world-container", + "probes": [ + { + "httpGet": { + "httpHeaders": [ + { + "name": "Custom-Header", + "value": "Awesome" + } + ], + "path": "/health", + "port": 8080 + }, + "initialDelaySeconds": 3, + "periodSeconds": 3, + "type": "Liveness" + } + ], + "resources": { + "cpu": "", + "memory": "0.5Gi" + } + } + ] + }, + "environmentId": { + "value": "" + }, + "name": { + "value": "ajmax001" + }, + "triggerType": { + "value": "Manual" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "location": { + "value": "" + }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "managedIdentities": { + "value": { + "systemAssigned": true, + "userAssignedResourceIds": [ + "" + ] + } + }, + "manualTriggerConfig": { + "value": { + "parallelism": 1, + "replicaCompletionCount": 1 + } + }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "ContainerApp Reader" + } + ] + }, + "secrets": { + "value": { + "secureList": [ + { + "name": "customtest", + "value": "" + } + ] + } + }, + "tags": { + "value": { + "Env": "test", + "hidden-title": "This is visible in the resource name" + } + }, + "workloadProfileName": { + "value": "" + } + } +} +``` + +
+

+ +### Example 3: _WAF-aligned_ + +This instance deploys the module in alignment with the best-practices of the Azure Well-Architected Framework. + + +

+ +via Bicep module + +```bicep +module job 'br:bicep/modules/app.job:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-ajwaf' + params: { + // Required parameters + containers: [ + { + image: 'mcr.microsoft.com/azuredocs/containerapps-helloworld:latest' + name: 'simple-hello-world-container' + probes: [ + { + httpGet: { + httpHeaders: [ + { + name: 'Custom-Header' + value: 'Awesome' + } + ] + path: '/health' + port: 8080 + } + initialDelaySeconds: 3 + periodSeconds: 3 + type: 'Liveness' + } + ] + resources: { + cpu: '' + memory: '0.5Gi' + } + } + ] + environmentId: '' + name: 'ajwaf001' + triggerType: 'Manual' + // Non-required parameters + enableDefaultTelemetry: '' + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + '' + ] + } + manualTriggerConfig: { + parallelism: 1 + replicaCompletionCount: 1 + } + secrets: { + secureList: [ + { + name: 'customtest' + value: '' + } + ] + } + tags: { + Env: 'test' + 'hidden-title': 'This is visible in the resource name' + } + workloadProfileName: '' + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "containers": { + "value": [ + { + "image": "mcr.microsoft.com/azuredocs/containerapps-helloworld:latest", + "name": "simple-hello-world-container", + "probes": [ + { + "httpGet": { + "httpHeaders": [ + { + "name": "Custom-Header", + "value": "Awesome" + } + ], + "path": "/health", + "port": 8080 + }, + "initialDelaySeconds": 3, + "periodSeconds": 3, + "type": "Liveness" + } + ], + "resources": { + "cpu": "", + "memory": "0.5Gi" + } + } + ] + }, + "environmentId": { + "value": "" + }, + "name": { + "value": "ajwaf001" + }, + "triggerType": { + "value": "Manual" + }, + // Non-required parameters + "enableDefaultTelemetry": { + "value": "" + }, + "location": { + "value": "" + }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "managedIdentities": { + "value": { + "systemAssigned": true, + "userAssignedResourceIds": [ + "" + ] + } + }, + "manualTriggerConfig": { + "value": { + "parallelism": 1, + "replicaCompletionCount": 1 + } + }, + "secrets": { + "value": { + "secureList": [ + { + "name": "customtest", + "value": "" + } + ] + } + }, + "tags": { + "value": { + "Env": "test", + "hidden-title": "This is visible in the resource name" + } + }, + "workloadProfileName": { + "value": "" + } + } +} +``` + +
+

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. | +| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. | +| [`name`](#parameter-name) | string | Name of the Container App. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`eventTriggerConfig`](#parameter-eventtriggerconfig) | object | Required if TriggerType is Event. Configuration of an event driven job. | +| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | object | The lock settings of the service. | +| [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | +| [`manualTriggerConfig`](#parameter-manualtriggerconfig) | object | Required if TriggerType is Manual. Configuration of a manual job. | +| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. | +| [`replicaRetryLimit`](#parameter-replicaretrylimit) | int | The maximum number of times a replica can be retried. | +| [`replicaTimeout`](#parameter-replicatimeout) | int | Maximum number of seconds a replica is allowed to run. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. 
| +| [`scheduleTriggerConfig`](#parameter-scheduletriggerconfig) | object | Required if TriggerType is Schedule. Configuration of a schedule based job. | +| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`triggerType`](#parameter-triggertype) | string | Trigger type of the job. | +| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. | +| [`workloadProfileName`](#parameter-workloadprofilename) | string | The name of the workload profile to use. | + +### Parameter: `containers` + +List of container definitions for the Container App. +- Required: Yes +- Type: array + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `environmentId` + +Resource ID of environment. +- Required: Yes +- Type: string + +### Parameter: `eventTriggerConfig` + +Required if TriggerType is Event. Configuration of an event driven job. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `initContainersTemplate` + +List of specialized containers that run before app containers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +The lock settings of the service. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | +| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | + +### Parameter: `lock.kind` + +Optional. Specify the type of lock. + +- Required: No +- Type: string +- Allowed: `[CanNotDelete, None, ReadOnly]` + +### Parameter: `lock.name` + +Optional. Specify the name of lock. 
+ +- Required: No +- Type: string + +### Parameter: `managedIdentities` + +The managed identity definition for this resource. +- Required: No +- Type: object + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | + +### Parameter: `managedIdentities.systemAssigned` + +Optional. Enables system assigned managed identity on the resource. + +- Required: No +- Type: bool + +### Parameter: `managedIdentities.userAssignedResourceIds` + +Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. + +- Required: No +- Type: array + +### Parameter: `manualTriggerConfig` + +Required if TriggerType is Manual. Configuration of a manual job. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `name` + +Name of the Container App. +- Required: Yes +- Type: string + +### Parameter: `registries` + +Collection of private container registry credentials for containers used by the Container app. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `replicaRetryLimit` + +The maximum number of times a replica can be retried. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `replicaTimeout` + +Maximum number of seconds a replica is allowed to run. +- Required: No +- Type: int +- Default: `1800` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. 
+- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource ID of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | +| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +### Parameter: `roleAssignments.condition` + +Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Optional. Version of the condition. + +- Required: No +- Type: string +- Allowed: `[2.0]` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +Optional. The Resource ID of the delegated managed identity resource. 
+ +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +Optional. The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalId` + +Required. The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.principalType` + +Optional. The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `scheduleTriggerConfig` + +Required if TriggerType is Schedule. Configuration of a schedule based job. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `secrets` + +The secrets of the Container App. +- Required: No +- Type: secureObject +- Default: `{}` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `triggerType` + +Trigger type of the job. +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Event' + 'Manual' + 'Schedule' + ] + ``` + +### Parameter: `volumes` + +List of volume definitions for the Container App. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `workloadProfileName` + +The name of the workload profile to use. +- Required: No +- Type: string +- Default: `'Consumption'` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Container App Job. | +| `resourceGroupName` | string | The name of the resource group the Container App Job was deployed into. | +| `resourceId` | string | The resource ID of the Container App Job. 
| +| `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/app/job/tests/e2e/max/main.test.bicep b/modules/app/job/tests/e2e/max/main.test.bicep index b31091a7c4..10751e7801 100644 --- a/modules/app/job/tests/e2e/max/main.test.bicep +++ b/modules/app/job/tests/e2e/max/main.test.bicep @@ -115,7 +115,7 @@ module testDeployment '../../../main.bicep' = { ] roleAssignments: [ { - principalId: nestedDependencies.outputs.managedIdentityResourceId + principalId: nestedDependencies.outputs.managedIdentityPrincipalId roleDefinitionIdOrName: 'ContainerApp Reader' principalType: 'ServicePrincipal' } diff --git a/modules/app/job/tests/e2e/waf-aligned/main.test.bicep b/modules/app/job/tests/e2e/waf-aligned/main.test.bicep index ffe896743e..5de0b2f354 100644 --- a/modules/app/job/tests/e2e/waf-aligned/main.test.bicep +++ b/modules/app/job/tests/e2e/waf-aligned/main.test.bicep @@ -113,12 +113,5 @@ module testDeployment '../../../main.bicep' = { ] } ] - roleAssignments: [ - { - principalId: nestedDependencies.outputs.managedIdentityResourceId - roleDefinitionIdOrName: 'ContainerApp Reader' - principalType: 'ServicePrincipal' - } - ] } } diff --git a/modules/network/virtual-network/main.json b/modules/network/virtual-network/main.json index 767bf3b948..0de7bba004 100644 --- a/modules/network/virtual-network/main.json +++ b/modules/network/virtual-network/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "17994966106128873660" + "version": "0.23.1.45101", + "templateHash": "17480456503748802804" }, "name": "Virtual Networks", "description": "This module deploys a Virtual Network (vNet).", 
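Review bot: The corrected `principalId` line in the `roleAssignments` entry of `tests/e2e/max/main.test.bicep` carries no comment saying which identifier the field expects. The README on this page types `roleAssignments.principalId` as a plain `string`, so an ARM resource ID passed by mistake, as in the line being replaced, is unlikely to be rejected before deployment. I would add `// principalId takes the identity's principal (object) ID, not its ARM resource ID` above that line. The waf-aligned test held the same `managedIdentityResourceId` reference, and this commit deletes its `roleAssignments` block instead of correcting it, so the RBAC path now appears to be exercised only by the max test; restoring the block there with `managedIdentityPrincipalId` would keep that coverage. The `testDeployment` module block starts and ends outside the hunk.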
@@ -495,8 +495,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "17180599685720534663" + "version": "0.23.1.45101", + "templateHash": "10049142602469906602" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", @@ -845,8 +845,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "18346996432273628410" + "version": "0.23.1.45101", + "templateHash": "17147360311358108540" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", @@ -1014,8 +1014,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "18346996432273628410" + "version": "0.23.1.45101", + "templateHash": "17147360311358108540" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.", diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md index 21a6956f67..d981e06cfc 100644 --- a/modules/network/virtual-network/subnet/README.md +++ b/modules/network/virtual-network/subnet/README.md 
@@ -1,256 +1,256 @@ -# Virtual Network Subnets `[Microsoft.Network/virtualNetworks/subnets]` - -This module deploys a Virtual Network Subnet. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) -- [Cross-referenced modules](#Cross-referenced-modules) -- [Notes](#Notes) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Network/virtualNetworks/subnets` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/subnets) | - -## Parameters - -**Required parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`addressPrefix`](#parameter-addressprefix) | string | The address prefix for the subnet. | - -**Conditional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. | - -**Optional parameters** - -| Parameter | Type | Description | -| :-- | :-- | :-- | -| [`addressPrefixes`](#parameter-addressprefixes) | array | List of address prefixes for the subnet. | -| [`applicationGatewayIPConfigurations`](#parameter-applicationgatewayipconfigurations) | array | Application gateway IP configurations of virtual network resource. | -| [`delegations`](#parameter-delegations) | array | The delegations to enable on the subnet. | -| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -| [`ipAllocations`](#parameter-ipallocations) | array | Array of IpAllocation which reference this subnet. | -| [`name`](#parameter-name) | string | The Name of the subnet resource. 
| -| [`natGatewayId`](#parameter-natgatewayid) | string | The resource ID of the NAT Gateway to use for the subnet. | -| [`networkSecurityGroupId`](#parameter-networksecuritygroupid) | string | The resource ID of the network security group to assign to the subnet. | -| [`privateEndpointNetworkPolicies`](#parameter-privateendpointnetworkpolicies) | string | enable or disable apply network policies on private endpoint in the subnet. | -| [`privateLinkServiceNetworkPolicies`](#parameter-privatelinkservicenetworkpolicies) | string | enable or disable apply network policies on private link service in the subnet. | -| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`routeTableId`](#parameter-routetableid) | string | The resource ID of the route table to assign to the subnet. | -| [`serviceEndpointPolicies`](#parameter-serviceendpointpolicies) | array | An array of service endpoint policies. | -| [`serviceEndpoints`](#parameter-serviceendpoints) | array | The service endpoints to enable on the subnet. | - -### Parameter: `addressPrefix` - -The address prefix for the subnet. -- Required: Yes -- Type: string - -### Parameter: `addressPrefixes` - -List of address prefixes for the subnet. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `applicationGatewayIPConfigurations` - -Application gateway IP configurations of virtual network resource. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `delegations` - -The delegations to enable on the subnet. 
-- Required: No -- Type: array -- Default: `[]` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `ipAllocations` - -Array of IpAllocation which reference this subnet. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `name` - -The Name of the subnet resource. -- Required: Yes -- Type: string - -### Parameter: `natGatewayId` - -The resource ID of the NAT Gateway to use for the subnet. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `networkSecurityGroupId` - -The resource ID of the network security group to assign to the subnet. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `privateEndpointNetworkPolicies` - -enable or disable apply network policies on private endpoint in the subnet. -- Required: No -- Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - 'Disabled' - 'Enabled' - ] - ``` - -### Parameter: `privateLinkServiceNetworkPolicies` - -enable or disable apply network policies on private link service in the subnet. -- Required: No -- Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - 'Disabled' - 'Enabled' - ] - ``` - -### Parameter: `roleAssignments` - -Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No -- Type: array - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. 
e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | - -### Parameter: `roleAssignments.condition` - -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - -- Required: No -- Type: string - -### Parameter: `roleAssignments.conditionVersion` - -Optional. Version of the condition. - -- Required: No -- Type: string -- Allowed: `[2.0]` - -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` - -Optional. The Resource Id of the delegated managed identity resource. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.description` - -Optional. The description of the role assignment. - -- Required: No -- Type: string - -### Parameter: `roleAssignments.principalId` - -Required. 
The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.principalType` - -Optional. The principal type of the assigned principal ID. - -- Required: No -- Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` - -### Parameter: `roleAssignments.roleDefinitionIdOrName` - -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. - -- Required: Yes -- Type: string - -### Parameter: `routeTableId` - -The resource ID of the route table to assign to the subnet. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `serviceEndpointPolicies` - -An array of service endpoint policies. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `serviceEndpoints` - -The service endpoints to enable on the subnet. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `virtualNetworkName` - -The name of the parent virtual network. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - - -## Outputs - -| Output | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network peering. | -| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | -| `resourceId` | string | The resource ID of the virtual network peering. | -| `subnetAddressPrefix` | string | The address prefix for the subnet. | -| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. | - -## Cross-referenced modules - -_None_ - -## Notes - -The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). 
Default Value when not specified is "Enabled". +# Virtual Network Subnets `[Microsoft.Network/virtualNetworks/subnets]` + +This module deploys a Virtual Network Subnet. + +## Navigation + +- [Resource Types](#Resource-Types) +- [Parameters](#Parameters) +- [Outputs](#Outputs) +- [Cross-referenced modules](#Cross-referenced-modules) +- [Notes](#Notes) + +## Resource Types + +| Resource Type | API Version | +| :-- | :-- | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | +| `Microsoft.Network/virtualNetworks/subnets` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/virtualNetworks/subnets) | + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefix`](#parameter-addressprefix) | string | The address prefix for the subnet. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`virtualNetworkName`](#parameter-virtualnetworkname) | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`addressPrefixes`](#parameter-addressprefixes) | array | List of address prefixes for the subnet. | +| [`applicationGatewayIPConfigurations`](#parameter-applicationgatewayipconfigurations) | array | Application gateway IP configurations of virtual network resource. | +| [`delegations`](#parameter-delegations) | array | The delegations to enable on the subnet. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ipAllocations`](#parameter-ipallocations) | array | Array of IpAllocation which reference this subnet. | +| [`name`](#parameter-name) | string | The Name of the subnet resource. 
| +| [`natGatewayId`](#parameter-natgatewayid) | string | The resource ID of the NAT Gateway to use for the subnet. | +| [`networkSecurityGroupId`](#parameter-networksecuritygroupid) | string | The resource ID of the network security group to assign to the subnet. | +| [`privateEndpointNetworkPolicies`](#parameter-privateendpointnetworkpolicies) | string | enable or disable apply network policies on private endpoint in the subnet. | +| [`privateLinkServiceNetworkPolicies`](#parameter-privatelinkservicenetworkpolicies) | string | enable or disable apply network policies on private link service in the subnet. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`routeTableId`](#parameter-routetableid) | string | The resource ID of the route table to assign to the subnet. | +| [`serviceEndpointPolicies`](#parameter-serviceendpointpolicies) | array | An array of service endpoint policies. | +| [`serviceEndpoints`](#parameter-serviceendpoints) | array | The service endpoints to enable on the subnet. | + +### Parameter: `addressPrefix` + +The address prefix for the subnet. +- Required: Yes +- Type: string + +### Parameter: `addressPrefixes` + +List of address prefixes for the subnet. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `applicationGatewayIPConfigurations` + +Application gateway IP configurations of virtual network resource. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `delegations` + +The delegations to enable on the subnet. 
+- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ipAllocations` + +Array of IpAllocation which reference this subnet. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The Name of the subnet resource. +- Required: Yes +- Type: string + +### Parameter: `natGatewayId` + +The resource ID of the NAT Gateway to use for the subnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `networkSecurityGroupId` + +The resource ID of the network security group to assign to the subnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `privateEndpointNetworkPolicies` + +enable or disable apply network policies on private endpoint in the subnet. +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `privateLinkServiceNetworkPolicies` + +enable or disable apply network policies on private link service in the subnet. +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + 'Disabled' + 'Enabled' + ] + ``` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array + + +| Name | Required | Type | Description | +| :-- | :-- | :--| :-- | +| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. 
e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | +| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +### Parameter: `roleAssignments.condition` + +Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" + +- Required: No +- Type: string + +### Parameter: `roleAssignments.conditionVersion` + +Optional. Version of the condition. + +- Required: No +- Type: string +- Allowed: `[2.0]` + +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` + +Optional. The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.description` + +Optional. The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `roleAssignments.principalId` + +Required. 
The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `roleAssignments.principalType` + +Optional. The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `routeTableId` + +The resource ID of the route table to assign to the subnet. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceEndpointPolicies` + +An array of service endpoint policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `serviceEndpoints` + +The service endpoints to enable on the subnet. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `virtualNetworkName` + +The name of the parent virtual network. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the virtual network peering. | +| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | +| `resourceId` | string | The resource ID of the virtual network peering. | +| `subnetAddressPrefix` | string | The address prefix for the subnet. | +| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. | + +## Cross-referenced modules + +_None_ + +## Notes + +The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). 
Default Value when not specified is "Enabled". diff --git a/modules/network/virtual-network/subnet/main.json b/modules/network/virtual-network/subnet/main.json index 35790fa29b..c7f51d4570 100644 --- a/modules/network/virtual-network/subnet/main.json +++ b/modules/network/virtual-network/subnet/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "17180599685720534663" + "version": "0.23.1.45101", + "templateHash": "10049142602469906602" }, "name": "Virtual Network Subnets", "description": "This module deploys a Virtual Network Subnet.", diff --git a/modules/network/virtual-network/virtual-network-peering/main.json b/modules/network/virtual-network/virtual-network-peering/main.json index a7efe2dec6..3308100208 100644 --- a/modules/network/virtual-network/virtual-network-peering/main.json +++ b/modules/network/virtual-network/virtual-network-peering/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.22.6.54827", - "templateHash": "18346996432273628410" + "version": "0.23.1.45101", + "templateHash": "17147360311358108540" }, "name": "Virtual Network Peerings", "description": "This module deploys a Virtual Network Peering.",