From c61ee6c5cc16ebe10f03020a9e0c04a44ffeab1c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 17:00:49 +0200 Subject: [PATCH 01/14] enable p dns group --- .../configurationStores/.test/parameters.json | 10 ++++++---- .../configurationStores/readme.md | 14 ++++++++++---- 2 files changed, 16 insertions(+), 8 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index 81fee88944..5b57fd91c3 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -62,9 +62,6 @@ "enablePurgeProtection": { "value": false }, - "publicNetworkAccess": { - "value": "Enabled" - }, "softDeleteRetentionInDays": { "value": 1 }, @@ -72,7 +69,12 @@ "value": [ { "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "configurationStores" + "service": "configurationStores", + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + } } ] } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index 5c9fb7d0dc..c343c763a0 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -358,11 +358,15 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep lock: 'CanNotDelete' privateEndpoints: [ { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' + ] + } service: 'configurationStores' subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' } ] - publicNetworkAccess: 'Enabled' roleAssignments: [ { principalIds: [ @@ -441,14 +445,16 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "privateEndpoints": { "value": [ { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + }, "service": "configurationStores", "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" } ] }, - "publicNetworkAccess": { - "value": "Enabled" - }, "roleAssignments": { "value": [ { From 3b2ba3a8476b6d931ee930b9e4460597bbe37f2c Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 17:19:23 +0200 Subject: [PATCH 02/14] change resource name --- .../configurationStores/.test/min.parameters.json | 2 +- .../configurationStores/.test/parameters.json | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json index d93330feb1..ccc759e927 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/min.parameters.json @@ -3,7 +3,7 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-appcs-min-001" + "value": "<>-az-appc-min-001" } } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index 5b57fd91c3..19ab290b65 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -3,11 +3,11 @@ "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-appcs-x-001" - }, - "lock": { - "value": "CanNotDelete" + "value": "<>-az-appc-x-001" }, + // "lock": { + // "value": "CanNotDelete" + // }, "diagnosticLogsRetentionInDays": { "value": 7 }, From 66928635d799f6b5397ef548a1acbba36f9ee446 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 17:25:45 +0200 Subject: [PATCH 03/14] readme --- .../configurationStores/readme.md | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index c343c763a0..a663ac7561 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -292,7 +292,7 @@ The following module usage examples are retrieved from the content of the files module configurationStores './Microsoft.AppConfiguration/configurationStores/deploy.bicep' = { name: '${uniqueString(deployment().name)}-configurationStores' params: { - name: '<>-az-appcs-min-001' + name: '<>-az-appc-min-001' } } ``` @@ -310,7 +310,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "contentVersion": "1.0.0.0", "parameters": { "name": { - "value": "<>-az-appcs-min-001" + "value": "<>-az-appc-min-001" } } } @@ -330,7 +330,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep name: '${uniqueString(deployment().name)}-configurationStores' params: { // Required parameters - name: '<>-az-appcs-x-001' + name: '<>-az-appc-x-001' // Non-required parameters createMode: 'Default' diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' @@ -355,7 +355,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep value: 'valueName' } ] - lock: 'CanNotDelete' privateEndpoints: [ { privateDnsZoneGroup: { @@ -395,7 +394,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "parameters": { // Required parameters "name": { - "value": "<>-az-appcs-x-001" + "value": "<>-az-appc-x-001" }, // Non-required parameters "createMode": { @@ -439,9 +438,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep } ] }, - "lock": { - "value": "CanNotDelete" - }, "privateEndpoints": { "value": [ { From a731a490b9550d8ddbdc4d46988f235773422353 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 17:38:03 +0200 Subject: [PATCH 04/14] remove private dns group --- .../configurationStores/.test/parameters.json | 13 +++++++------ .../configurationStores/readme.md | 10 ---------- 2 files changed, 7 insertions(+), 16 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index 19ab290b65..ab80b055be 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -69,12 +69,13 @@ "value": [ { "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "configurationStores", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - } + "service": "configurationStores" + // , + // "privateDnsZoneGroup": { + // "privateDNSResourceIds": [ + // "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + // ] + // } } ] } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index a663ac7561..48d2f997b2 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -357,11 +357,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep ] privateEndpoints: [ { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' - ] - } service: 'configurationStores' subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' } @@ -441,11 +436,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "privateEndpoints": { "value": [ { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - }, "service": "configurationStores", "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" } From e8bc614c70c6e3bdc28eea1c28dd891886369aa0 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 18:01:37 +0200 Subject: [PATCH 05/14] remove pe --- .../configurationStores/.test/parameters.json | 29 ++++++++++--------- .../configurationStores/readme.md | 14 --------- 2 files changed, 15 insertions(+), 28 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index ab80b055be..fbc360539e 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -64,20 +64,21 @@ }, "softDeleteRetentionInDays": { "value": 1 - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "configurationStores" - // , - // "privateDnsZoneGroup": { - // "privateDNSResourceIds": [ - // "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - // ] - // } - } - ] } + // , + // "privateEndpoints": { + // "value": [ + // { + // "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + // "service": "configurationStores" + // // , + // // "privateDnsZoneGroup": { + // // "privateDNSResourceIds": [ + // // "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + // // ] + // // } + // } + // ] + // } } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index 48d2f997b2..c4f2f44310 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -355,12 +355,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep value: 'valueName' } ] - privateEndpoints: [ - { - service: 'configurationStores' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } - ] roleAssignments: [ { principalIds: [ @@ -433,14 +427,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep } ] }, - "privateEndpoints": { - "value": [ - { - "service": "configurationStores", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - } - ] - }, "roleAssignments": { "value": [ { From d1b9901033c7b6202f619d866f2c0b3aedbaf0fe Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 18:15:37 +0200 Subject: [PATCH 06/14] change public network access condition --- .../configurationStores/.test/parameters.json | 28 +++++++++---------- .../configurationStores/deploy.bicep | 3 +- .../configurationStores/readme.md | 24 ++++++++++++++++ 3 files changed, 39 insertions(+), 16 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index fbc360539e..19ab290b65 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -64,21 +64,19 @@ }, "softDeleteRetentionInDays": { "value": 1 + }, + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "configurationStores", + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + } + } + ] } - // , - // "privateEndpoints": { - // "value": [ - // { - // "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - // "service": "configurationStores" - // // , - // // "privateDnsZoneGroup": { - // // "privateDNSResourceIds": [ - // // "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - // // ] - // // } - // } - // ] - // } } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 7fc4c31a05..d48eb914b7 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -156,7 +156,8 @@ resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2021 createMode: createMode disableLocalAuth: disableLocalAuth enablePurgeProtection: sku == 'Free' ? false : enablePurgeProtection - publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) + // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : null softDeleteRetentionInDays: sku == 'Free' ? 0 : softDeleteRetentionInDays } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index c4f2f44310..a663ac7561 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -355,6 +355,17 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep value: 'valueName' } ] + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' + ] + } + service: 'configurationStores' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + } + ] roleAssignments: [ { principalIds: [ @@ -427,6 +438,19 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep } ] }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + }, + "service": "configurationStores", + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + } + ] + }, "roleAssignments": { "value": [ { From 10e2b3d3e2bd9b90289c11d7c93de0103c958827 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 18:57:09 +0200 Subject: [PATCH 07/14] public network access enabled --- .../configurationStores/deploy.bicep | 4 ++-- .../configurationStores/version.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index d48eb914b7..9c60adcfb1 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -156,8 +156,8 @@ resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2021 createMode: createMode disableLocalAuth: disableLocalAuth enablePurgeProtection: sku == 'Free' ? false : enablePurgeProtection - // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) - publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : null + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Enabled' : null) + // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : null softDeleteRetentionInDays: sku == 'Free' ? 0 : softDeleteRetentionInDays } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/version.json b/modules/Microsoft.AppConfiguration/configurationStores/version.json index 09da9cf49c..08ec8d7491 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/version.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/version.json @@ -1,4 +1,4 @@ { "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.2" + "version": "0.3" } From f5dd52e3add7bc36a431169603c131171c5bcd09 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 19:16:11 +0200 Subject: [PATCH 08/14] public network access removed --- .../configurationStores/deploy.bicep | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 9c60adcfb1..49ce349c56 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -156,8 +156,9 @@ resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2021 createMode: createMode disableLocalAuth: disableLocalAuth enablePurgeProtection: sku == 'Free' ? false : enablePurgeProtection - publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Enabled' : null) + // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Enabled' : null) // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : null + // publicNetworkAccess: empty(privateEndpoints) ? null : any(publicNetworkAccess) softDeleteRetentionInDays: sku == 'Free' ? 0 : softDeleteRetentionInDays } } From 528ae2bfd79ca8de5eceb6e49c321a7111441275 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 19:36:39 +0200 Subject: [PATCH 09/14] public network access enabled --- .../configurationStores/.test/parameters.json | 3 +++ .../configurationStores/deploy.bicep | 2 +- .../Microsoft.AppConfiguration/configurationStores/readme.md | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index 19ab290b65..99e30be85d 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -65,6 +65,9 @@ "softDeleteRetentionInDays": { "value": 1 }, + "publicNetworkAccess": { + "value": "Enabled" + }, "privateEndpoints": { "value": [ { diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 49ce349c56..c8bdb6630a 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -156,7 +156,7 @@ resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2021 createMode: createMode disableLocalAuth: disableLocalAuth enablePurgeProtection: sku == 'Free' ? false : enablePurgeProtection - // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Enabled' : null) + publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : null // publicNetworkAccess: empty(privateEndpoints) ? null : any(publicNetworkAccess) softDeleteRetentionInDays: sku == 'Free' ? 0 : softDeleteRetentionInDays diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index a663ac7561..a229e4dc0a 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -366,6 +366,7 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' } ] + publicNetworkAccess: 'Enabled' roleAssignments: [ { principalIds: [ @@ -451,6 +452,9 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep } ] }, + "publicNetworkAccess": { + "value": "Enabled" + }, "roleAssignments": { "value": [ { From c2ed28737a097d8353b1054fe3d2aa18919dce95 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Sun, 17 Jul 2022 19:44:54 +0200 Subject: [PATCH 10/14] depends on commented --- .../Microsoft.AppConfiguration/configurationStores/deploy.bicep | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index c8bdb6630a..fc0a6909b6 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -226,6 +226,7 @@ module configurationStore_privateEndpoints '../../Microsoft.Network/privateEndpo manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] } + // dependsOn: configurationStore_keyValues }] @description('The name of the app configuration.') From 0d92151e6afac78c7e21beb2799e9d44fd4b1ef4 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 18 Jul 2022 09:49:22 +0200 Subject: [PATCH 11/14] test separated pe --- .../configurationStores/.test/parameters.json | 32 +++++++++---------- .../configurationStores/deploy.bicep | 4 +-- .../configurationStores/readme.md | 28 ---------------- .../.test/min.parameters.json | 27 ++++++++++++++-- .../privateEndpoints/readme.md | 26 +++++++++++---- 5 files changed, 62 insertions(+), 55 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index 99e30be85d..67f82cd235 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -65,21 +65,21 @@ "softDeleteRetentionInDays": { "value": 1 }, - "publicNetworkAccess": { - "value": "Enabled" - }, - "privateEndpoints": { - "value": [ - { - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - "service": "configurationStores", - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - } - } - ] - } + // "publicNetworkAccess": { + // "value": "Enabled" + // }, + // "privateEndpoints": { + // "value": [ + // { + // "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + // "service": "configurationStores", + // "privateDnsZoneGroup": { + // "privateDNSResourceIds": [ + // "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + // ] + // } + // } + // ] + // } } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index fc0a6909b6..6796e07e4d 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -164,7 +164,7 @@ resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2021 } module configurationStore_keyValues 'keyValues/deploy.bicep' = [for (keyValue, index) in keyValues: { - name: '${uniqueString(deployment().name, location)}-appConfig-KeyValues-${index}' + name: '${uniqueString(deployment().name, location)}-AppConfig-KeyValues-${index}' params: { appConfigurationName: configurationStore.name name: keyValue.name @@ -209,7 +209,7 @@ module configurationStore_roleAssignments '.bicep/nested_roleAssignments.bicep' }] module configurationStore_privateEndpoints '../../Microsoft.Network/privateEndpoints/deploy.bicep' = [for (privateEndpoint, index) in privateEndpoints: { - name: '${uniqueString(deployment().name, location)}-configurationStore-PrivateEndpoint-${index}' + name: '${uniqueString(deployment().name, location)}-AppConfig-PrivateEndpoint-${index}' params: { groupIds: [ privateEndpoint.service diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index a229e4dc0a..c4f2f44310 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -355,18 +355,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep value: 'valueName' } ] - privateEndpoints: [ - { - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' - ] - } - service: 'configurationStores' - subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - } - ] - publicNetworkAccess: 'Enabled' roleAssignments: [ { principalIds: [ @@ -439,22 +427,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep } ] }, - "privateEndpoints": { - "value": [ - { - "privateDnsZoneGroup": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - }, - "service": "configurationStores", - "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - } - ] - }, - "publicNetworkAccess": { - "value": "Enabled" - }, "roleAssignments": { "value": [ { diff --git a/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json b/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json index aa3ea8eba2..b3efe76946 100644 --- a/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json +++ b/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json @@ -2,19 +2,40 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { + // "name": { + // "value": "<>-az-pe-kvlt-min-001" + // }, + // "subnetResourceId": { + // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + // }, + // "serviceResourceId": { + // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" + // }, + // "groupIds": { + // "value": [ + // "vault" + // ] + // } "name": { - "value": "<>-az-pe-kvlt-min-001" + "value": "<>-az-appc-x-001-pe" }, "subnetResourceId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" }, "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.AppConfiguration/configurationStores/<>-az-appc-x-001" }, "groupIds": { "value": [ - "vault" + "configurationStores" ] + }, + "privateDnsZoneGroup": { + "value": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + } } } } diff --git a/modules/Microsoft.Network/privateEndpoints/readme.md b/modules/Microsoft.Network/privateEndpoints/readme.md index 5779e524b0..62b4ad6eed 100644 --- a/modules/Microsoft.Network/privateEndpoints/readme.md +++ b/modules/Microsoft.Network/privateEndpoints/readme.md @@ -178,11 +178,17 @@ module privateEndpoints './Microsoft.Network/privateEndpoints/deploy.bicep' = { params: { // Required parameters groupIds: [ - 'vault' + 'configurationStores' ] - name: '<>-az-pe-kvlt-min-001' - serviceResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe' + name: '<>-az-appc-x-001-pe' + serviceResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.AppConfiguration/configurationStores/<>-az-appc-x-001' subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + // Non-required parameters + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' + ] + } } } ``` @@ -202,17 +208,25 @@ module privateEndpoints './Microsoft.Network/privateEndpoints/deploy.bicep' = { // Required parameters "groupIds": { "value": [ - "vault" + "configurationStores" ] }, "name": { - "value": "<>-az-pe-kvlt-min-001" + "value": "<>-az-appc-x-001-pe" }, "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.AppConfiguration/configurationStores/<>-az-appc-x-001" }, "subnetResourceId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + }, + // Non-required parameters + "privateDnsZoneGroup": { + "value": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + } } } } From 6738b59f89d7ba49480ca412b17afdd4489559c1 Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 18 Jul 2022 10:50:33 +0200 Subject: [PATCH 12/14] remove child --- .../configurationStores/.test/parameters.json | 34 +++++++++---------- .../configurationStores/readme.md | 32 ----------------- 2 files changed, 17 insertions(+), 49 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index 67f82cd235..b17d894023 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -26,23 +26,23 @@ "systemAssignedIdentity": { "value": true }, - "keyValues": { - "value": [ - { - "name": "keyName", - "value": "valueName", - "contentType": "contentType", - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - } - ] - }, + // "keyValues": { + // "value": [ + // { + // "name": "keyName", + // "value": "valueName", + // "contentType": "contentType", + // "roleAssignments": [ + // { + // "roleDefinitionIdOrName": "Reader", + // "principalIds": [ + // "<>" + // ] + // } + // ] + // } + // ] + // }, "roleAssignments": { "value": [ { diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index c4f2f44310..ddb9b3b74c 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -340,21 +340,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' disableLocalAuth: false enablePurgeProtection: false - keyValues: [ - { - contentType: 'contentType' - name: 'keyName' - roleAssignments: [ - { - principalIds: [ - '<>' - ] - roleDefinitionIdOrName: 'Reader' - } - ] - value: 'valueName' - } - ] roleAssignments: [ { principalIds: [ @@ -410,23 +395,6 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "enablePurgeProtection": { "value": false }, - "keyValues": { - "value": [ - { - "contentType": "contentType", - "name": "keyName", - "roleAssignments": [ - { - "principalIds": [ - "<>" - ], - "roleDefinitionIdOrName": "Reader" - } - ], - "value": "valueName" - } - ] - }, "roleAssignments": { "value": [ { From ff672df879483c110f71f6655d2e72a7b2ce89ec Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 18 Jul 2022 11:33:55 +0200 Subject: [PATCH 13/14] back to test dns zone --- .../configurationStores/.test/parameters.json | 72 +++++++++---------- .../configurationStores/readme.md | 64 +++++++++++++++++ .../.test/min.parameters.json | 27 +------ .../privateEndpoints/readme.md | 26 ++----- 4 files changed, 109 insertions(+), 80 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json index b17d894023..5391a6db50 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json +++ b/modules/Microsoft.AppConfiguration/configurationStores/.test/parameters.json @@ -5,9 +5,9 @@ "name": { "value": "<>-az-appc-x-001" }, - // "lock": { - // "value": "CanNotDelete" - // }, + "lock": { + "value": "CanNotDelete" + }, "diagnosticLogsRetentionInDays": { "value": 7 }, @@ -26,23 +26,23 @@ "systemAssignedIdentity": { "value": true }, - // "keyValues": { - // "value": [ - // { - // "name": "keyName", - // "value": "valueName", - // "contentType": "contentType", - // "roleAssignments": [ - // { - // "roleDefinitionIdOrName": "Reader", - // "principalIds": [ - // "<>" - // ] - // } - // ] - // } - // ] - // }, + "keyValues": { + "value": [ + { + "name": "keyName", + "value": "valueName", + "contentType": "contentType", + "roleAssignments": [ + { + "roleDefinitionIdOrName": "Reader", + "principalIds": [ + "<>" + ] + } + ] + } + ] + }, "roleAssignments": { "value": [ { @@ -62,24 +62,24 @@ "enablePurgeProtection": { "value": false }, + "publicNetworkAccess": { + "value": "Enabled" + }, "softDeleteRetentionInDays": { "value": 1 }, - // "publicNetworkAccess": { - // "value": "Enabled" - // }, - // "privateEndpoints": { - // "value": [ - // { - // "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", - // "service": "configurationStores", - // "privateDnsZoneGroup": { - // "privateDNSResourceIds": [ - // "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - // ] - // } - // } - // ] - // } + "privateEndpoints": { + "value": [ + { + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints", + "service": "configurationStores", + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + } + } + ] + } } } diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md index ddb9b3b74c..e2550b4f83 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md +++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md @@ -340,6 +340,34 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' disableLocalAuth: false enablePurgeProtection: false + keyValues: [ + { + contentType: 'contentType' + name: 'keyName' + roleAssignments: [ + { + principalIds: [ + '<>' + ] + roleDefinitionIdOrName: 'Reader' + } + ] + value: 'valueName' + } + ] + lock: 'CanNotDelete' + privateEndpoints: [ + { + privateDnsZoneGroup: { + privateDNSResourceIds: [ + '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' + ] + } + service: 'configurationStores' + subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' + } + ] + publicNetworkAccess: 'Enabled' roleAssignments: [ { principalIds: [ @@ -395,6 +423,42 @@ module configurationStores './Microsoft.AppConfiguration/configurationStores/dep "enablePurgeProtection": { "value": false }, + "keyValues": { + "value": [ + { + "contentType": "contentType", + "name": "keyName", + "roleAssignments": [ + { + "principalIds": [ + "<>" + ], + "roleDefinitionIdOrName": "Reader" + } + ], + "value": "valueName" + } + ] + }, + "lock": { + "value": "CanNotDelete" + }, + "privateEndpoints": { + "value": [ + { + "privateDnsZoneGroup": { + "privateDNSResourceIds": [ + "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" + ] + }, + "service": "configurationStores", + "subnetResourceId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" + } + ] + }, + "publicNetworkAccess": { + "value": "Enabled" + }, "roleAssignments": { "value": [ { diff --git a/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json b/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json index b3efe76946..aa3ea8eba2 100644 --- a/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json +++ b/modules/Microsoft.Network/privateEndpoints/.test/min.parameters.json @@ -2,40 +2,19 @@ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", "contentVersion": "1.0.0.0", "parameters": { - // "name": { - // "value": "<>-az-pe-kvlt-min-001" - // }, - // "subnetResourceId": { - // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - // }, - // "serviceResourceId": { - // "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" - // }, - // "groupIds": { - // "value": [ - // "vault" - // ] - // } "name": { - "value": "<>-az-appc-x-001-pe" + "value": "<>-az-pe-kvlt-min-001" }, "subnetResourceId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" }, "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.AppConfiguration/configurationStores/<>-az-appc-x-001" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" }, "groupIds": { "value": [ - "configurationStores" + "vault" ] - }, - "privateDnsZoneGroup": { - "value": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - } } } } diff --git a/modules/Microsoft.Network/privateEndpoints/readme.md b/modules/Microsoft.Network/privateEndpoints/readme.md index 62b4ad6eed..5779e524b0 100644 --- a/modules/Microsoft.Network/privateEndpoints/readme.md +++ b/modules/Microsoft.Network/privateEndpoints/readme.md @@ -178,17 +178,11 @@ module privateEndpoints './Microsoft.Network/privateEndpoints/deploy.bicep' = { params: { // Required parameters groupIds: [ - 'configurationStores' + 'vault' ] - name: '<>-az-appc-x-001-pe' - serviceResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.AppConfiguration/configurationStores/<>-az-appc-x-001' + name: '<>-az-pe-kvlt-min-001' + serviceResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe' subnetResourceId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints' - // Non-required parameters - privateDnsZoneGroup: { - privateDNSResourceIds: [ - '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io' - ] - } } } ``` @@ -208,25 +202,17 @@ module privateEndpoints './Microsoft.Network/privateEndpoints/deploy.bicep' = { // Required parameters "groupIds": { "value": [ - "configurationStores" + "vault" ] }, "name": { - "value": "<>-az-appc-x-001-pe" + "value": "<>-az-pe-kvlt-min-001" }, "serviceResourceId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.AppConfiguration/configurationStores/<>-az-appc-x-001" + "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.KeyVault/vaults/adp-<>-az-kv-x-pe" }, "subnetResourceId": { "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-001/subnets/<>-az-subnet-x-005-privateEndpoints" - }, - // Non-required parameters - "privateDnsZoneGroup": { - "value": { - "privateDNSResourceIds": [ - "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/privateDnsZones/privatelink.azconfig.io" - ] - } } } } From e423763490666fa666ebb45b561fe3ca492a843e Mon Sep 17 00:00:00 2001 From: Erika Gressi Date: Mon, 18 Jul 2022 11:35:40 +0200 Subject: [PATCH 14/14] cleanup --- .../configurationStores/deploy.bicep | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 6796e07e4d..0f48862958 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -157,8 +157,6 @@ resource configurationStore 'Microsoft.AppConfiguration/configurationStores@2021 disableLocalAuth: disableLocalAuth enablePurgeProtection: sku == 'Free' ? false : enablePurgeProtection publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : (!empty(privateEndpoints) ? 'Disabled' : null) - // publicNetworkAccess: !empty(publicNetworkAccess) ? any(publicNetworkAccess) : null - // publicNetworkAccess: empty(privateEndpoints) ? null : any(publicNetworkAccess) softDeleteRetentionInDays: sku == 'Free' ? 0 : softDeleteRetentionInDays } } @@ -226,7 +224,6 @@ module configurationStore_privateEndpoints '../../Microsoft.Network/privateEndpo manualPrivateLinkServiceConnections: contains(privateEndpoint, 'manualPrivateLinkServiceConnections') ? privateEndpoint.manualPrivateLinkServiceConnections : [] customDnsConfigs: contains(privateEndpoint, 'customDnsConfigs') ? privateEndpoint.customDnsConfigs : [] } - // dependsOn: configurationStore_keyValues }] @description('The name of the app configuration.')