From 4589881f6af326bc6a7072c47c59aa60b535c494 Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 8 Aug 2022 18:03:02 +0200 Subject: [PATCH 1/5] Updated ServiceFabric RBAC version --- .../.bicep/nested_roleAssignments.bicep | 17 ++++++++++++++++- .../clusters/deploy.bicep | 2 ++ .../Microsoft.ServiceFabric/clusters/readme.md | 2 +- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep index b7325ee782..df8b34c820 100644 --- a/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -41,13 +53,16 @@ resource serviceFabricCluster 'Microsoft.ServiceFabric/clusters@2021-06-01' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(serviceFabricCluster.id, principalId, roleDefinitionIdOrName) properties: { description: description roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: serviceFabricCluster }] diff --git a/modules/Microsoft.ServiceFabric/clusters/deploy.bicep b/modules/Microsoft.ServiceFabric/clusters/deploy.bicep index 0c8ac2ac72..48773b0cf6 100644 --- a/modules/Microsoft.ServiceFabric/clusters/deploy.bicep +++ b/modules/Microsoft.ServiceFabric/clusters/deploy.bicep @@ -298,6 +298,8 @@ module serviceFabricCluster_roleAssignments '.bicep/nested_roleAssignments.bicep principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName resourceId: serviceFabricCluster.id + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' } }] diff --git a/modules/Microsoft.ServiceFabric/clusters/readme.md b/modules/Microsoft.ServiceFabric/clusters/readme.md index f14c813cbc..7452c5abe5 100644 
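Review bot: `conditionVersion` is always written to the role assignment, because the parameter defaults to `'2.0'` and its `@allowed` list admits nothing else, so `!empty(conditionVersion)` is never false and the `null` branch is dead. The assignment therefore carries a condition version even when `condition` resolves to `null`; whether the 2022-04-01 API accepts that combination is not visible here. I would tie the two together: `conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null`. The same line is added to the nested role-assignment files in PATCH 2/5 (DomainServices, AnalysisServices, ApiManagement, AppConfiguration, Automation, Cache, CognitiveServices).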
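Review bot: The `contains(roleAssignment, 'condition') ? roleAssignment.condition : ''` fallback in `deploy.bicep` means a misspelled key in a caller's `roleAssignments` entry deploys an unconditioned assignment, so the role is granted on the whole cluster rather than the restricted subset, and the deployment still succeeds. Because a condition is an access restriction, that fail-open behaviour deserves a comment on the added line, e.g. `// A missing 'condition' key deploys the assignment without any ABAC restriction`. The readme change in this patch only bumps the API version, so the two new keys should also be listed wherever the module documents its `roleAssignments` parameter. The module declaration starts before this hunk, and the same pass-through is added to every `deploy.bicep` in PATCH 2/5.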
--- a/modules/Microsoft.ServiceFabric/clusters/readme.md +++ b/modules/Microsoft.ServiceFabric/clusters/readme.md @@ -14,7 +14,7 @@ This module deploys a Service Fabric Cluster. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-04-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-04-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ServiceFabric/clusters` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters) | | `Microsoft.ServiceFabric/clusters/applicationTypes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceFabric/2021-06-01/clusters/applicationTypes) | From bfdd997230c23452b4ed3d66df31f9bac15a6649 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Mon, 8 Aug 2022 19:28:43 +0200 Subject: [PATCH 2/5] Updated RBAC in other modules --- .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.AAD/DomainServices/deploy.bicep | 2 ++ .../servers/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../servers/deploy.bicep | 2 ++ .../service/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.ApiManagement/service/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../configurationStores/deploy.bicep | 2 ++ .../keyValues/.bicep/nested_roleAssignments.bicep | 12 ++++++++++++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../automationAccounts/deploy.bicep | 2 ++ .../redis/.bicep/nested_rbac.bicep | 15 +++++++++++++++ modules/Microsoft.Cache/redis/deploy.bicep | 2 ++ .../accounts/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../accounts/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../availabilitySets/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../diskEncryptionSets/deploy.bicep | 2 ++ .../disks/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Compute/disks/deploy.bicep | 2 ++ .../galleries/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Compute/galleries/deploy.bicep | 2 ++ .../images/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../galleries/images/deploy.bicep | 2 ++ .../images/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Compute/images/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../proximityPlacementGroups/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../virtualMachineScaleSets/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../virtualMachines/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ 
.../registries/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../managedClusters/deploy.bicep | 2 ++ .../factories/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.DataFactory/factories/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../backupVaults/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Databricks/workspaces/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../applicationgroups/deploy.bicep | 2 ++ .../hostpools/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../hostpools/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../scalingplans/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../workspaces/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../databaseAccounts/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.EventGrid/systemTopics/deploy.bicep | 2 ++ .../topics/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.EventGrid/topics/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.EventHub/namespaces/deploy.bicep | 2 ++ .../eventhubs/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../namespaces/eventhubs/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.HealthBot/healthBots/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Insights/actionGroups/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../activityLogAlerts/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Insights/components/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ 
.../Microsoft.Insights/metricAlerts/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateLinkScopes/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../scheduledQueryRules/deploy.bicep | 2 ++ .../vaults/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.KeyVault/vaults/deploy.bicep | 2 ++ .../keys/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.KeyVault/vaults/keys/deploy.bicep | 2 ++ .../secrets/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../vaults/secrets/deploy.bicep | 2 ++ .../workflows/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Logic/workflows/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../workspaces/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../userAssignedIdentities/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../netAppAccounts/capacityPools/deploy.bicep | 2 ++ .../volumes/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../capacityPools/volumes/deploy.bicep | 2 ++ .../Microsoft.NetApp/netAppAccounts/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../applicationGateways/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../applicationSecurityGroups/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Network/azureFirewalls/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Network/bastionHosts/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../ddosProtectionPlans/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../expressRouteCircuits/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 
+++++++++++++++ modules/Microsoft.Network/frontDoors/deploy.bicep | 2 ++ .../ipGroups/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Network/ipGroups/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Network/loadBalancers/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../localNetworkGateways/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Network/natGateways/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 12 ++++++++++++ .../networkInterfaces/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../networkSecurityGroups/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../networkWatchers/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../A/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/A/deploy.bicep | 2 ++ .../AAAA/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/AAAA/deploy.bicep | 2 ++ .../CNAME/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/CNAME/deploy.bicep | 2 ++ .../MX/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/MX/deploy.bicep | 2 ++ .../PTR/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/PTR/deploy.bicep | 2 ++ .../SOA/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/SOA/deploy.bicep | 2 ++ .../SRV/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/SRV/deploy.bicep | 2 ++ .../TXT/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateDnsZones/TXT/deploy.bicep | 2 ++ .../privateDnsZones/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateEndpoints/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ 
.../publicIPAddresses/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../publicIPPrefixes/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Network/routeTables/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../trafficmanagerprofiles/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../virtualNetworkGateways/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../virtualNetworks/deploy.bicep | 2 ++ .../subnets/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../virtualNetworks/subnets/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Network/virtualWans/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../workspaces/deploy.bicep | 2 ++ .../vaults/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../vaults/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../resourceGroups/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.ServiceBus/namespaces/deploy.bicep | 2 ++ .../queues/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../namespaces/queues/deploy.bicep | 2 ++ .../topics/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../namespaces/topics/deploy.bicep | 2 ++ .../webPubSub/.bicep/nested_rbac.bicep | 15 +++++++++++++++ .../webPubSub/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../Microsoft.Sql/managedInstances/deploy.bicep | 2 ++ .../servers/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Sql/servers/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../blobServices/containers/deploy.bicep | 2 ++ .../storageAccounts/deploy.bicep | 2 ++ 
.../shares/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../fileServices/shares/deploy.bicep | 2 ++ .../queues/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../queueServices/queues/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../privateLinkHubs/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../imageTemplates/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Web/connections/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ .../hostingEnvironments/deploy.bicep | 2 ++ .../.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Web/serverfarms/deploy.bicep | 2 ++ .../sites/.bicep/nested_roleAssignments.bicep | 15 +++++++++++++++ modules/Microsoft.Web/sites/deploy.bicep | 2 ++ 195 files changed, 1658 insertions(+) diff --git a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep index 4e34d1e5d3..ae4435779e 100644 --- a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -65,6 +77,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: AzureADDS }] diff --git a/modules/Microsoft.AAD/DomainServices/deploy.bicep b/modules/Microsoft.AAD/DomainServices/deploy.bicep index 6dd0d3441b..da13f142c2 100644 --- a/modules/Microsoft.AAD/DomainServices/deploy.bicep +++ b/modules/Microsoft.AAD/DomainServices/deploy.bicep 
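Review bot: The three new properties in the second hunk are added to a resource that, per the `@@` context, is still declared against a preview API (`roleAssignments@2020-10-01-prev`, truncated in the header), while PATCH 1/5 moved the ServiceFabric copy to `2022-04-01`. Unless a later patch in the series bumps these declarations, the modules end up on different API versions for the same role-assignment shape; I would change the declaration to `'Microsoft.Authorization/roleAssignments@2022-04-01'` here as well. The resource declaration line is outside the hunk, so this is inferred from the hunk header only. The same applies to the second hunk of the AnalysisServices, ApiManagement, AppConfiguration, Automation, Cache and CognitiveServices files.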
@@ -247,6 +247,8 @@ module domainService_roleAssignments '.bicep/nested_roleAssignments.bicep' = [fo principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: domainService.id } }] diff --git a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep index 5325be4d3d..c04012fc46 100644 --- a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: server }] diff --git a/modules/Microsoft.AnalysisServices/servers/deploy.bicep b/modules/Microsoft.AnalysisServices/servers/deploy.bicep index 701fc1f96e..e5ba3a6d80 100644 --- a/modules/Microsoft.AnalysisServices/servers/deploy.bicep +++ b/modules/Microsoft.AnalysisServices/servers/deploy.bicep @@ -150,6 +150,8 @@ module server_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (role principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: server.id } }] diff --git a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep index 1679432ec9..5210f6832f 100644 --- a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: service }] diff --git a/modules/Microsoft.ApiManagement/service/deploy.bicep b/modules/Microsoft.ApiManagement/service/deploy.bicep index 499532f1cf..ff8b436e0d 100644 --- a/modules/Microsoft.ApiManagement/service/deploy.bicep +++ b/modules/Microsoft.ApiManagement/service/deploy.bicep 
@@ -448,6 +448,8 @@ module apiManagementService_roleAssignments '.bicep/nested_roleAssignments.bicep principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: apiManagementService.id } }] diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep index 18eec47fac..521bc93ee3 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: appConfiguration }] diff --git a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep index 95f7e8fddd..ff7f6c18a4 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/deploy.bicep @@ -202,6 +202,8 @@ module configurationStore_roleAssignments '.bicep/nested_roleAssignments.bicep' principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: configurationStore.id } }] diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep index 1a65e573d0..095aca3c11 100644 --- a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') diff --git a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep index 0207272a1e..374d5fafd8 100644 --- a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep 
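Review bot: `condition`, `conditionVersion` and `delegatedManagedIdentityResourceId` are declared in the keyValues file, but it gets no second hunk that sets them on the `roleAssignment` resource (the diffstat shows 12 added lines against 15 for the sibling files), so as far as this patch shows the parameters are unused. If a caller passes a condition to this nested module, the assignment would be created without it, which is wider access than requested. Either add the three `properties` lines the other files get (`condition: !empty(condition) ? condition : null` and the two below it) or drop the parameters. The resource body is outside the hunk, so confirm it is not wired some other way. The diffstat lists one more 12-line entry, just before `networkInterfaces/deploy.bicep`, which may have the same gap.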
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: automationAccount }] diff --git a/modules/Microsoft.Automation/automationAccounts/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/deploy.bicep index edd39ef0c0..269c006d6c 100644 --- a/modules/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/modules/Microsoft.Automation/automationAccounts/deploy.bicep 
@@ -395,6 +395,8 @@ module automationAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: automationAccount.id } }] diff --git a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep index 097cde9265..27d601b09a 100644 --- a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep +++ b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -49,6 +61,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: redisCache }] diff --git a/modules/Microsoft.Cache/redis/deploy.bicep b/modules/Microsoft.Cache/redis/deploy.bicep index bc0739b97c..2278ab6f12 100644 --- a/modules/Microsoft.Cache/redis/deploy.bicep +++ b/modules/Microsoft.Cache/redis/deploy.bicep @@ -235,6 +235,8 @@ module redisCache_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: redisCache.id } }] diff --git a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep index f7c047dd19..5e8e6c85f7 100644 --- a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep 
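Review bot: The role assignment in redis/.bicep/nested_rbac.bicep appears to stay on a preview API version. The hunk header shows the declaration as `Microsoft.Authorization/roleAssignments@2020-10-01-prev` (cut off by git), and since that line sits above the hunk's context, this patch leaves it unchanged. The first patch of the series moved the ServiceFabric module to `@2022-04-01`. Unless a later patch does the same here, pin this authorization resource to that released version too: `resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {`. The same truncated header appears on the other nested role-assignment hunks in this chunk.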
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -65,6 +77,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: account }] diff --git a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep index e64ed65964..f614f5ad18 100644 --- a/modules/Microsoft.CognitiveServices/accounts/deploy.bicep +++ b/modules/Microsoft.CognitiveServices/accounts/deploy.bicep 
@@ -268,6 +268,8 @@ module cognitiveServices_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: cognitiveServices.id } }] diff --git a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep index 943e72d9a7..684faeefc3 100644 --- a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -56,6 +68,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: availabilitySet }] diff --git a/modules/Microsoft.Compute/availabilitySets/deploy.bicep b/modules/Microsoft.Compute/availabilitySets/deploy.bicep index a822e0aa2e..18dd31207f 100644 --- a/modules/Microsoft.Compute/availabilitySets/deploy.bicep +++ b/modules/Microsoft.Compute/availabilitySets/deploy.bicep @@ -80,6 +80,8 @@ module availabilitySet_roleAssignments '.bicep/nested_roleAssignments.bicep' = [ principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: availabilitySet.id } }] diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep index 0a30936aa6..b4455a41b5 100644 --- a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -54,6 +66,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: diskEncryptionSet }] diff --git a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep index 69ec97c6d6..8aface6752 100644 --- a/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep +++ b/modules/Microsoft.Compute/diskEncryptionSets/deploy.bicep 
@@ -99,6 +99,8 @@ module diskEncryptionSet_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: diskEncryptionSet.id } }] diff --git a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep index 0e70664573..5e0f991a9b 100644 --- a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: disk }] diff --git a/modules/Microsoft.Compute/disks/deploy.bicep b/modules/Microsoft.Compute/disks/deploy.bicep index d5bec675a7..b6d2a4216b 100644 --- a/modules/Microsoft.Compute/disks/deploy.bicep +++ b/modules/Microsoft.Compute/disks/deploy.bicep @@ -183,6 +183,8 @@ module disk_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAs principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: disk.id } }] diff --git a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep index 0186f68665..9224a82908 100644 --- a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: gallery }] diff --git a/modules/Microsoft.Compute/galleries/deploy.bicep b/modules/Microsoft.Compute/galleries/deploy.bicep index 55acc31b59..85eafb602c 100644 --- a/modules/Microsoft.Compute/galleries/deploy.bicep +++ b/modules/Microsoft.Compute/galleries/deploy.bicep 
@@ -68,6 +68,8 @@ module gallery_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (rol principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: gallery.id } }] diff --git a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep index caa9501f85..1446438bb3 100644 --- a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: galleryImage }] diff --git a/modules/Microsoft.Compute/galleries/images/deploy.bicep b/modules/Microsoft.Compute/galleries/images/deploy.bicep index fd0c265da3..6df440b0d5 100644 --- a/modules/Microsoft.Compute/galleries/images/deploy.bicep +++ b/modules/Microsoft.Compute/galleries/images/deploy.bicep @@ -157,6 +157,8 @@ module galleryImage_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: image.id } }] diff --git a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep index 95f8211862..f55ec89ba4 100644 --- a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: image }] diff --git a/modules/Microsoft.Compute/images/deploy.bicep b/modules/Microsoft.Compute/images/deploy.bicep index 3e57fd0ad8..a4a27a0c4a 100644 --- a/modules/Microsoft.Compute/images/deploy.bicep +++ b/modules/Microsoft.Compute/images/deploy.bicep 
@@ -69,6 +69,8 @@ module image_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleA principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: image.id } }] diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep index 883e781c21..f238858e71 100644 --- a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -54,6 +66,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: proximityPlacementGroup }] diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep index da83b30727..66b04c5488 100644 --- a/modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep +++ b/modules/Microsoft.Compute/proximityPlacementGroups/deploy.bicep @@ -65,6 +65,8 @@ module proximityPlacementGroup_roleAssignments '.bicep/nested_roleAssignments.bi principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: proximityPlacementGroup.id } }] diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep index a82b2c3b0d..e7aacccc1a 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: vmss }] diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep index c1555834e9..db5dc67701 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/deploy.bicep 
@@ -638,6 +638,8 @@ module vmss_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAs principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: vmss.id } }] diff --git a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep index 71948a0ce9..749989dbbd 100644 --- a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -56,6 +68,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: virtualMachine }] diff --git a/modules/Microsoft.Compute/virtualMachines/deploy.bicep b/modules/Microsoft.Compute/virtualMachines/deploy.bicep index 3e938b231e..b3b4b599db 100644 --- a/modules/Microsoft.Compute/virtualMachines/deploy.bicep +++ b/modules/Microsoft.Compute/virtualMachines/deploy.bicep @@ -662,6 +662,8 @@ module vm_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssi principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: vm.id } }] diff --git a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep index 4536d502de..b2a788f293 100644 --- a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -57,6 +69,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: registry }] diff --git a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep index 451bdd7b1f..cde593ea62 100644 --- a/modules/Microsoft.ContainerRegistry/registries/deploy.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/deploy.bicep 
@@ -318,6 +318,8 @@ module registry_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (ro principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: registry.id } }] diff --git a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep index ee50d7dcd7..bb0ddccd90 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -57,6 +69,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: managedCluster }] diff --git a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep index 349f1ed662..dfb5edc731 100644 --- a/modules/Microsoft.ContainerService/managedClusters/deploy.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/deploy.bicep @@ -570,6 +570,8 @@ module managedCluster_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: managedCluster.id } }] diff --git a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep index 9ec94ace90..458c9aa84e 100644 --- a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -49,6 +61,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: dataFactory }] diff --git a/modules/Microsoft.DataFactory/factories/deploy.bicep b/modules/Microsoft.DataFactory/factories/deploy.bicep index a297914769..2e9b8db85e 100644 --- a/modules/Microsoft.DataFactory/factories/deploy.bicep +++ b/modules/Microsoft.DataFactory/factories/deploy.bicep 
@@ -258,6 +258,8 @@ module dataFactory_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: dataFactory.id } }] diff --git a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep index 02cd494ea4..874599d60f 100644 --- a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -38,6 +50,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: backupVault }] diff --git a/modules/Microsoft.DataProtection/backupVaults/deploy.bicep b/modules/Microsoft.DataProtection/backupVaults/deploy.bicep index 9bf4bbd954..e940b43e9b 100644 --- a/modules/Microsoft.DataProtection/backupVaults/deploy.bicep +++ b/modules/Microsoft.DataProtection/backupVaults/deploy.bicep @@ -107,6 +107,8 @@ module backupVault_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: backupVault.id } }] diff --git a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep index 1f7cd94516..63a7d73b34 100644 --- a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: workspace }] diff --git a/modules/Microsoft.Databricks/workspaces/deploy.bicep b/modules/Microsoft.Databricks/workspaces/deploy.bicep index 126ca0719e..45757bedd3 100644 --- a/modules/Microsoft.Databricks/workspaces/deploy.bicep +++ b/modules/Microsoft.Databricks/workspaces/deploy.bicep 
@@ -147,6 +147,8 @@ module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: workspace.id } }] diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep index 0af2eb4e13..36bd515bbf 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -56,6 +68,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: appGroup }] diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep index 5618d12940..65e1183265 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/deploy.bicep @@ -157,6 +157,8 @@ module appGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (ro principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: appGroup.id } }] diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep index 4add31f03d..238c84376f 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -57,6 +69,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: hostPool }] diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep index e4f3126f4b..beb5fbecb4 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/hostpools/deploy.bicep 
@@ -193,6 +193,8 @@ module hostPool_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (ro principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: hostPool.id } }] diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep index 4add31f03d..238c84376f 100644 --- a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -57,6 +69,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: hostPool }] diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep index 66bf926312..09d8c936b7 100644 --- a/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/deploy.bicep @@ -142,6 +142,8 @@ module scalingplan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: scalingPlan.id } }] diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep index 4aa5b62342..9510f24f3e 100644 --- a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -53,6 +65,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: workspace }] diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep index 5f31b36f53..8879c53f78 100644 --- a/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep +++ b/modules/Microsoft.DesktopVirtualization/workspaces/deploy.bicep 
@@ -124,6 +124,8 @@ module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: workspace.id } }] diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep index 0b05979bde..e74ad7fc69 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: databaseAccount }] diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep index 5361d5c066..aebd612634 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/deploy.bicep @@ -314,6 +314,8 @@ module databaseAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [ principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: databaseAccount.id } }] diff --git a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep index bba6460f24..a4b3259973 100644 --- a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: systemTopic }] diff --git a/modules/Microsoft.EventGrid/systemTopics/deploy.bicep b/modules/Microsoft.EventGrid/systemTopics/deploy.bicep index 4f023500da..cd80306a5f 100644 --- a/modules/Microsoft.EventGrid/systemTopics/deploy.bicep +++ b/modules/Microsoft.EventGrid/systemTopics/deploy.bicep 
@@ -147,6 +147,8 @@ module systemTopic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: systemTopic.id } }] diff --git a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep index 44af3022cf..13906d0d8f 100644 --- a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: eventGrid }] diff --git a/modules/Microsoft.EventGrid/topics/deploy.bicep b/modules/Microsoft.EventGrid/topics/deploy.bicep index d9b43d4fa0..2e967fc80c 100644 --- a/modules/Microsoft.EventGrid/topics/deploy.bicep +++ b/modules/Microsoft.EventGrid/topics/deploy.bicep @@ -165,6 +165,8 @@ module topic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleA principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: topic.id } }] diff --git a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep index 9fa7d807dd..8f8ca4b8ef 100644 --- a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -53,6 +65,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: eventHubNamespace }] diff --git a/modules/Microsoft.EventHub/namespaces/deploy.bicep b/modules/Microsoft.EventHub/namespaces/deploy.bicep index 4316710636..5f7adaa8a7 100644 --- a/modules/Microsoft.EventHub/namespaces/deploy.bicep +++ b/modules/Microsoft.EventHub/namespaces/deploy.bicep 
@@ -282,6 +282,8 @@ module eventHubNamespace_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: eventHubNamespace.id } }] diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep index fd0146583f..608c416af4 100644 --- a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: eventHub }] diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep index 9e447a54b6..ab6eee8e0e 100644 --- a/modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep +++ b/modules/Microsoft.EventHub/namespaces/eventhubs/deploy.bicep @@ -184,6 +184,8 @@ module eventHub_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (ro principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: eventHub.id } }] diff --git a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep index 7895eb9e5a..94450de286 100644 --- a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: healthBot }] diff --git a/modules/Microsoft.HealthBot/healthBots/deploy.bicep b/modules/Microsoft.HealthBot/healthBots/deploy.bicep index b4de7ab9c6..10fe31fc87 100644 --- a/modules/Microsoft.HealthBot/healthBots/deploy.bicep +++ b/modules/Microsoft.HealthBot/healthBots/deploy.bicep 
@@ -62,6 +62,8 @@ module healthBot_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: azureHealthBot.id } }] diff --git a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep index 476058f9a4..19a571c7d1 100644 --- a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -49,6 +61,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: actionGroup }] diff --git a/modules/Microsoft.Insights/actionGroups/deploy.bicep b/modules/Microsoft.Insights/actionGroups/deploy.bicep index fbb29d8d19..204c13899e 100644 --- a/modules/Microsoft.Insights/actionGroups/deploy.bicep +++ b/modules/Microsoft.Insights/actionGroups/deploy.bicep @@ -88,6 +88,8 @@ module actionGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: actionGroup.id } }] diff --git a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep index 5694033cdc..a3e6299f33 100644 --- a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -49,6 +61,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: activityLogAlert }] diff --git a/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep b/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep index 2b73c94ef0..f4a798be60 100644 --- a/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep +++ b/modules/Microsoft.Insights/activityLogAlerts/deploy.bicep 
@@ -71,6 +71,8 @@ module activityLogAlert_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: activityLogAlert.id } }] diff --git a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep index b95fcf74f1..0d03afeef5 100644 --- a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: appInsights }] diff --git a/modules/Microsoft.Insights/components/deploy.bicep b/modules/Microsoft.Insights/components/deploy.bicep index 3bdc2f9f3d..9eacc50893 100644 --- a/modules/Microsoft.Insights/components/deploy.bicep +++ b/modules/Microsoft.Insights/components/deploy.bicep @@ -93,6 +93,8 @@ module appInsights_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: appInsights.id } }] diff --git a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep index ec5e914fc0..ea9e25489a 100644 --- a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: metricAlert }] diff --git a/modules/Microsoft.Insights/metricAlerts/deploy.bicep b/modules/Microsoft.Insights/metricAlerts/deploy.bicep index 14edcd37bf..547fb36dc3 100644 --- a/modules/Microsoft.Insights/metricAlerts/deploy.bicep +++ b/modules/Microsoft.Insights/metricAlerts/deploy.bicep 
@@ -126,6 +126,8 @@ module metricAlert_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: metricAlert.id } }] diff --git a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep index 71c903ae40..d15e834753 100644 --- a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: privateLinkScope }] diff --git a/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep b/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep index 9ebc791a18..9624a9b61d 100644 --- a/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep +++ b/modules/Microsoft.Insights/privateLinkScopes/deploy.bicep @@ -95,6 +95,8 @@ module privateLinkScope_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: privateLinkScope.id } }] diff --git a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep index 3c37c05305..ed739102d3 100644 --- a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: queryAlert }] diff --git a/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep b/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep index f9313a62ff..325eaa0b07 100644 --- a/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep +++ b/modules/Microsoft.Insights/scheduledQueryRules/deploy.bicep 
@@ -112,6 +112,8 @@ module queryRule_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: queryRule.id } }] diff --git a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep index b03611076e..6c5662bcc6 100644 --- a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -57,6 +69,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: keyVault }] diff --git a/modules/Microsoft.KeyVault/vaults/deploy.bicep b/modules/Microsoft.KeyVault/vaults/deploy.bicep index 1cfcef417c..85a848eab0 100644 --- a/modules/Microsoft.KeyVault/vaults/deploy.bicep +++ b/modules/Microsoft.KeyVault/vaults/deploy.bicep @@ -301,6 +301,8 @@ module keyVault_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (ro principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: keyVault.id } }] diff --git a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep index 7eafd1c2d8..1b36d2e935 100644 --- a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -56,6 +68,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: key }] diff --git a/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep b/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep index 1b25378b60..71e620db59 100644 --- a/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep +++ b/modules/Microsoft.KeyVault/vaults/keys/deploy.bicep 
@@ -95,6 +95,8 @@ module key_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: key.id } }] diff --git a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep index d80da03d4d..8ba33bbc54 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: secret }] diff --git a/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep b/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep index 842528bbb2..2abe71e332 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep +++ b/modules/Microsoft.KeyVault/vaults/secrets/deploy.bicep @@ -68,6 +68,8 @@ module secret_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (role principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: secret.id } }] diff --git a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep index 9427c50737..e10f981ace 100644 --- a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: logicApp }] diff --git a/modules/Microsoft.Logic/workflows/deploy.bicep b/modules/Microsoft.Logic/workflows/deploy.bicep index 2820d69b8c..f0dad08bfe 100644 --- a/modules/Microsoft.Logic/workflows/deploy.bicep +++ b/modules/Microsoft.Logic/workflows/deploy.bicep 
@@ -215,6 +215,8 @@ module logicApp_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (ro principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: logicApp.id } }] diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep index 1bd860393a..0358938d9d 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -49,6 +61,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: workspace }] diff --git a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep index f8f03655ec..7eeb19dbc4 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep +++ b/modules/Microsoft.MachineLearningServices/workspaces/deploy.bicep @@ -294,6 +294,8 @@ module workspace_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: workspace.id } }] diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep index 85fdd4d9ab..da5d83e322 100644 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: userMsi }] diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep index 6b15bd61ad..a65529880a 100644 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep +++ b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/deploy.bicep 
@@ -55,6 +55,8 @@ module userMsi_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (rol principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: userMsi.id } }] diff --git a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep index 6473c683ef..df6f4c99d5 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: netAppAccount }] diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep index 9ef2d1f9f0..aa7e9ebe26 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: capacityPool }] diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep index 53a5c5e865..885597e938 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/deploy.bicep @@ -98,6 +98,8 @@ module capacityPool_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: capacityPool.id } }] diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep index fc4003f377..e11c3268cd 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: volume }] diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep index a4a39895dd..a04563d537 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/deploy.bicep 
@@ -83,6 +83,8 @@ module volume_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (role principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: volume.id } }] diff --git a/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep b/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep index c7831ff6cc..14e0462d4e 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/deploy.bicep @@ -93,6 +93,8 @@ module netAppAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [fo principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: netAppAccount.id } }] diff --git a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep index d851fbd618..6f39e4d4c3 100644 --- a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -56,6 +68,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: applicationGateway }] diff --git a/modules/Microsoft.Network/applicationGateways/deploy.bicep b/modules/Microsoft.Network/applicationGateways/deploy.bicep index ea098325c2..a7cc8d8851 100644 --- a/modules/Microsoft.Network/applicationGateways/deploy.bicep +++ b/modules/Microsoft.Network/applicationGateways/deploy.bicep 
@@ -349,6 +349,8 @@ module applicationGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: applicationGateway.id } }] diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep index da46fc14ab..4a64db3276 100644 --- a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: applicationSecurityGroup }] diff --git a/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep b/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep index d728abdbc5..07d8c2b9cf 100644 --- a/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep +++ b/modules/Microsoft.Network/applicationSecurityGroups/deploy.bicep @@ -56,6 +56,8 @@ module applicationSecurityGroup_roleAssignments '.bicep/nested_roleAssignments.b principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: applicationSecurityGroup.id } }] diff --git a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep index 0b6ad0b35f..adb273b82c 100644 --- a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: azureFirewall }] diff --git a/modules/Microsoft.Network/azureFirewalls/deploy.bicep b/modules/Microsoft.Network/azureFirewalls/deploy.bicep index fe37638df4..1c43488988 100644 --- a/modules/Microsoft.Network/azureFirewalls/deploy.bicep +++ b/modules/Microsoft.Network/azureFirewalls/deploy.bicep 
@@ -275,6 +275,8 @@ module azureFirewall_roleAssignments '.bicep/nested_roleAssignments.bicep' = [fo principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: azureFirewall.id } }] diff --git a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep index 001f37914f..9f5513b032 100644 --- a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: azureBastion }] diff --git a/modules/Microsoft.Network/bastionHosts/deploy.bicep b/modules/Microsoft.Network/bastionHosts/deploy.bicep index b8bb03cea4..404c8bec75 100644 --- a/modules/Microsoft.Network/bastionHosts/deploy.bicep +++ b/modules/Microsoft.Network/bastionHosts/deploy.bicep @@ -209,6 +209,8 @@ module azureBastion_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: azureBastion.id } }] diff --git a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep index 474e421f80..75f3a4e2f1 100644 --- a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: ddosProtectionPlan }] diff --git a/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep b/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep index c7476e6b52..85b46d5b73 100644 --- a/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep +++ b/modules/Microsoft.Network/ddosProtectionPlans/deploy.bicep 
@@ -57,6 +57,8 @@ module ddosProtectionPlan_roleAssignments '.bicep/nested_roleAssignments.bicep' principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: ddosProtectionPlan.id } }] diff --git a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep index 9a7e1ee92a..f63bf9cb6c 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: expressRouteCircuits }] diff --git a/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep b/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep index 63a5bb2e58..1fe5c08a4d 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep +++ b/modules/Microsoft.Network/expressRouteCircuits/deploy.bicep @@ -203,6 +203,8 @@ module expressRouteCircuits_roleAssignments '.bicep/nested_roleAssignments.bicep principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: expressRouteCircuits.id } }] diff --git a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep index 9a72de9cc3..0f16440ece 100644 --- a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: frontDoor }] diff --git a/modules/Microsoft.Network/frontDoors/deploy.bicep b/modules/Microsoft.Network/frontDoors/deploy.bicep index fd343f3492..609b3ed924 100644 --- a/modules/Microsoft.Network/frontDoors/deploy.bicep +++ b/modules/Microsoft.Network/frontDoors/deploy.bicep 
@@ -164,6 +164,8 @@ module frontDoor_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: frontDoor.id } }] diff --git a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep index 101a93067d..9dbde36d57 100644 --- a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: ipGroup }] diff --git a/modules/Microsoft.Network/ipGroups/deploy.bicep b/modules/Microsoft.Network/ipGroups/deploy.bicep index 8d2985142b..d81f517988 100644 --- a/modules/Microsoft.Network/ipGroups/deploy.bicep +++ b/modules/Microsoft.Network/ipGroups/deploy.bicep @@ -62,6 +62,8 @@ module ipGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (rol principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: ipGroup.id } }] diff --git a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep index 7bfcecd270..57915c648d 100644 --- a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -54,6 +66,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: loadBalancer }] diff --git a/modules/Microsoft.Network/loadBalancers/deploy.bicep b/modules/Microsoft.Network/loadBalancers/deploy.bicep index 3a9947c23e..33757cd2ca 100644 --- a/modules/Microsoft.Network/loadBalancers/deploy.bicep +++ b/modules/Microsoft.Network/loadBalancers/deploy.bicep 
@@ -253,6 +253,8 @@ module loadBalancer_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: loadBalancer.id } }] diff --git a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep index 13456f25a4..0ff4914be5 100644 --- a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: localNetworkGateway }] diff --git a/modules/Microsoft.Network/localNetworkGateways/deploy.bicep b/modules/Microsoft.Network/localNetworkGateways/deploy.bicep index 085112ac98..2369d03f01 100644 --- a/modules/Microsoft.Network/localNetworkGateways/deploy.bicep +++ b/modules/Microsoft.Network/localNetworkGateways/deploy.bicep @@ -88,6 +88,8 @@ module localNetworkGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: localNetworkGateway.id } }] diff --git a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep index 3d771d8fe1..a7855933bd 100644 --- a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: natGateway }] diff --git a/modules/Microsoft.Network/natGateways/deploy.bicep b/modules/Microsoft.Network/natGateways/deploy.bicep index 0324f056e7..0d602a25a5 100644 --- a/modules/Microsoft.Network/natGateways/deploy.bicep +++ b/modules/Microsoft.Network/natGateways/deploy.bicep 
@@ -200,6 +200,8 @@ module natGateway_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for ( principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: natGateway.id } }] diff --git a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep index e66a728227..8e1f75c6df 100644 --- a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
diff --git a/modules/Microsoft.Network/networkInterfaces/deploy.bicep b/modules/Microsoft.Network/networkInterfaces/deploy.bicep index 4deafd3272..ab16b53571 100644 --- a/modules/Microsoft.Network/networkInterfaces/deploy.bicep +++ b/modules/Microsoft.Network/networkInterfaces/deploy.bicep @@ -151,6 +151,8 @@ module networkInterface_roleAssignments '.bicep/nested_roleAssignments.bicep' = principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: networkInterface.id } }] diff --git a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep index 2ec942eb69..3fe623fc71 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -53,6 +65,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: networkSecurityGroup }] diff --git a/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep b/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep index 26b73ce556..fd3b5a6fd2 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep +++ b/modules/Microsoft.Network/networkSecurityGroups/deploy.bicep 
@@ -157,6 +157,8 @@ module networkSecurityGroup_roleAssignments '.bicep/nested_roleAssignments.bicep principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: networkSecurityGroup.id } }] diff --git a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep index aacdc90fac..8187cb9f01 100644 --- a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: networkWatcher }] diff --git a/modules/Microsoft.Network/networkWatchers/deploy.bicep b/modules/Microsoft.Network/networkWatchers/deploy.bicep index c6d977446c..ae77b9c555 100644 --- a/modules/Microsoft.Network/networkWatchers/deploy.bicep +++ b/modules/Microsoft.Network/networkWatchers/deploy.bicep @@ -65,6 +65,8 @@ module networkWatcher_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: networkWatcher.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep index b75bab676a..b7b880d931 100644 --- a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: privateDnsZone }] diff --git a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep index e7c72f0a22..b04636f694 100644 --- a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: A }] diff --git a/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep index b5318a28cb..8d37144094 100644 --- a/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/A/deploy.bicep 
@@ -52,6 +52,8 @@ module A_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssig principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: A.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep index 4c1d7a8055..9dd3b41994 100644 --- a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: AAAA }] diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep index 75471310d9..41ee28ac41 100644 --- a/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/AAAA/deploy.bicep @@ -52,6 +52,8 @@ module AAAA_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAs principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: AAAA.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep index f35b9ecb27..fdbbc21f61 100644 --- a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: CNAME }] diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep index dff254b6c4..ccf10def3e 100644 --- a/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/CNAME/deploy.bicep 
@@ -52,6 +52,8 @@ module CNAME_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleA principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: CNAME.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep index ba3a2d0b69..0a079d37e4 100644 --- a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: MX }] diff --git a/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep index ad6e1c6e12..ccfaa8a0bc 100644 --- a/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/MX/deploy.bicep @@ -52,6 +52,8 @@ module MX_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAssi principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: MX.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep index 1b57ee386f..285cbd7cfa 100644 --- a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: PTR }] diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep index 123347591a..0cffc9b69b 100644 --- a/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/PTR/deploy.bicep 
@@ -38,6 +38,8 @@ module PTR_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: PTR.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep index 9181915040..4272916595 100644 --- a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: SOA }] diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep index 440768cd19..23a76cbb72 100644 --- a/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/SOA/deploy.bicep @@ -52,6 +52,8 @@ module SOA_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: SOA.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep index f77b4b0736..2f4af9aeff 100644 --- a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: SRV }] diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep index 7f3f62be7e..a037a1dead 100644 --- a/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/SRV/deploy.bicep 
@@ -52,6 +52,8 @@ module SRV_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: SRV.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep index 8635e9dd44..22f692aecd 100644 --- a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: TXT }] diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep index 22ee2d2c18..2e12ffc291 100644 --- a/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/TXT/deploy.bicep @@ -52,6 +52,8 @@ module TXT_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: TXT.id } }] diff --git a/modules/Microsoft.Network/privateDnsZones/deploy.bicep b/modules/Microsoft.Network/privateDnsZones/deploy.bicep index fe12dc9a65..9c8616e9f0 100644 --- a/modules/Microsoft.Network/privateDnsZones/deploy.bicep +++ b/modules/Microsoft.Network/privateDnsZones/deploy.bicep 
@@ -201,6 +201,8 @@ module privateDnsZone_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: privateDnsZone.id } }] diff --git a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep index b740e6f492..eb1972b296 100644 --- a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: privateEndpoint }] diff --git a/modules/Microsoft.Network/privateEndpoints/deploy.bicep b/modules/Microsoft.Network/privateEndpoints/deploy.bicep index 7f92756118..d5000940ad 100644 --- a/modules/Microsoft.Network/privateEndpoints/deploy.bicep +++ b/modules/Microsoft.Network/privateEndpoints/deploy.bicep @@ -100,6 +100,8 @@ module privateEndpoint_roleAssignments '.bicep/nested_roleAssignments.bicep' = [ principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: privateEndpoint.id } }] diff --git a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep index 9622eda330..b56c582b02 100644 --- a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -54,6 +66,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: publicIpAddress }] diff --git a/modules/Microsoft.Network/publicIPAddresses/deploy.bicep b/modules/Microsoft.Network/publicIPAddresses/deploy.bicep index fa00e5fb50..32ce98b45c 100644 --- a/modules/Microsoft.Network/publicIPAddresses/deploy.bicep +++ b/modules/Microsoft.Network/publicIPAddresses/deploy.bicep 
@@ -177,6 +177,8 @@ module publicIpAddress_roleAssignments '.bicep/nested_roleAssignments.bicep' = [ principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: publicIpAddress.id } }] diff --git a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep index 435db33ba2..d92b4471dc 100644 --- a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: publicIpPrefix }] diff --git a/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep b/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep index 160e9ddd9f..a010a0db1e 100644 --- a/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep +++ b/modules/Microsoft.Network/publicIPPrefixes/deploy.bicep @@ -68,6 +68,8 @@ module publicIpPrefix_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: publicIpPrefix.id } }] diff --git a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep index 17271b59e8..32190a5465 100644 --- a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: routeTable }] diff --git a/modules/Microsoft.Network/routeTables/deploy.bicep b/modules/Microsoft.Network/routeTables/deploy.bicep index ac8dd9e63a..2fd2a0f402 100644 --- a/modules/Microsoft.Network/routeTables/deploy.bicep +++ b/modules/Microsoft.Network/routeTables/deploy.bicep 
@@ -65,6 +65,8 @@ module routeTable_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for ( principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: routeTable.id } }] diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep index 10e6217855..0863d2448b 100644 --- a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: trafficmanagerprofile }] diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep index b9b15370e0..05bb124eee 100644 --- a/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep +++ b/modules/Microsoft.Network/trafficmanagerprofiles/deploy.bicep @@ -177,6 +177,8 @@ module trafficManagerProfile_roleAssignments '.bicep/nested_roleAssignments.bice principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: trafficManagerProfile.id } }] diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep index 2c0e33a923..2c2d5db1d2 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: virtualNetworkGateway }] diff --git a/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep b/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep index 2d7f7a3bf8..e032f02953 100644 --- a/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep +++ b/modules/Microsoft.Network/virtualNetworkGateways/deploy.bicep 
@@ -388,6 +388,8 @@ module virtualNetworkGateway_roleAssignments '.bicep/nested_roleAssignments.bice principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: virtualNetworkGateway.id } }] diff --git a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep index d401645e45..0fbd44b4ad 100644 --- a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -65,6 +77,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: virtualNetwork }] diff --git a/modules/Microsoft.Network/virtualNetworks/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/deploy.bicep index b6a657d283..0b84d70b6b 100644 --- a/modules/Microsoft.Network/virtualNetworks/deploy.bicep +++ b/modules/Microsoft.Network/virtualNetworks/deploy.bicep @@ -242,6 +242,8 @@ module virtualNetwork_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: virtualNetwork.id } }] diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep index 36751d8e3a..c527f13b9e 100644 --- a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -65,6 +77,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: subnet }] diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep index a197a5fb98..898fc0707f 100644 --- a/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep +++ b/modules/Microsoft.Network/virtualNetworks/subnets/deploy.bicep 
@@ -104,6 +104,8 @@ module subnet_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (role principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: subnet.id } }] diff --git a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep index dbc3fcce9e..fe41c7b914 100644 --- a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: virtualWan }] diff --git a/modules/Microsoft.Network/virtualWans/deploy.bicep b/modules/Microsoft.Network/virtualWans/deploy.bicep index e1bc1d059c..ffd07708fa 100644 --- a/modules/Microsoft.Network/virtualWans/deploy.bicep +++ b/modules/Microsoft.Network/virtualWans/deploy.bicep @@ -77,6 +77,8 @@ module virtualWan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for ( principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: virtualWan.id } }] diff --git a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep index bbd97d0598..325c6fa8dc 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: logAnalyticsWorkspace }] diff --git a/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep b/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep index 09163125e9..c601cd203a 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep +++ b/modules/Microsoft.OperationalInsights/workspaces/deploy.bicep 
@@ -283,6 +283,8 @@ module logAnalyticsWorkspace_roleAssignments '.bicep/nested_roleAssignments.bice principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: logAnalyticsWorkspace.id } }] diff --git a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep index a16c2390fa..a4edf440b5 100644 --- a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -55,6 +67,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: rsv }] diff --git a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep index 38c979b1e5..07918225c9 100644 --- a/modules/Microsoft.RecoveryServices/vaults/deploy.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/deploy.bicep @@ -292,6 +292,8 @@ module rsv_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: rsv.id } }] diff --git a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep index aec6bf8af7..8a1d612fc4 100644 --- a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'AcrDelete': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c2f4ef07-c644-48eb-af81-4b1b4947fb11') 'AcrImageSigner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6cef56e8-d556-48e5-a04f-b8e64114680f') @@ -204,5 +216,8 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } }] diff --git a/modules/Microsoft.Resources/resourceGroups/deploy.bicep b/modules/Microsoft.Resources/resourceGroups/deploy.bicep index 503d2fc765..461761e354 100644 --- a/modules/Microsoft.Resources/resourceGroups/deploy.bicep +++ b/modules/Microsoft.Resources/resourceGroups/deploy.bicep 
@@ -59,6 +59,8 @@ module resourceGroup_roleAssignments '.bicep/nested_roleAssignments.bicep' = [fo principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: resourceGroup.id } scope: resourceGroup diff --git a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep index b1f28138a1..5852e0a802 100644 --- a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: namespace }] diff --git a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep index 1a171abd91..536b7a7a8e 100644 --- a/modules/Microsoft.ServiceBus/namespaces/deploy.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/deploy.bicep @@ -363,6 +363,8 @@ module serviceBusNamespace_roleAssignments '.bicep/nested_roleAssignments.bicep' principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: serviceBusNamespace.id } }] diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep index 573648e0a5..883164970b 100644 --- a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -51,6 +63,9 @@ resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-10-01-previ roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: queue }] diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep index e4519febe4..f3dfd89835 100644 --- a/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/queues/deploy.bicep 
@@ -147,6 +147,8 @@ module queue_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleA principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: queue.id } }] diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep index b67f08e3e0..ec20a14691 100644 --- a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-10-01-previ roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: topic }] diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep index b3fcc8b398..eca1634651 100644 --- a/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/topics/deploy.bicep @@ -143,6 +143,8 @@ module topic_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleA principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: topic.id } }] diff --git a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep index 5ee208ae94..94483254f0 100644 --- a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep +++ b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: webPubSub }] diff --git a/modules/Microsoft.SignalRService/webPubSub/deploy.bicep b/modules/Microsoft.SignalRService/webPubSub/deploy.bicep index 22678cea52..f1507698f5 100644 --- a/modules/Microsoft.SignalRService/webPubSub/deploy.bicep +++ b/modules/Microsoft.SignalRService/webPubSub/deploy.bicep 
@@ -153,6 +153,8 @@ module webPubSub_rbac '.bicep/nested_rbac.bicep' = [for (roleAssignment, index) principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: webPubSub.id } }] diff --git a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep index 63cd145815..5ce15946ce 100644 --- a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -51,6 +63,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: managedInstance }] diff --git a/modules/Microsoft.Sql/managedInstances/deploy.bicep b/modules/Microsoft.Sql/managedInstances/deploy.bicep index 4c4bbd46e3..2e85ed8935 100644 --- a/modules/Microsoft.Sql/managedInstances/deploy.bicep +++ b/modules/Microsoft.Sql/managedInstances/deploy.bicep @@ -277,6 +277,8 @@ module managedInstance_roleAssignments '.bicep/nested_roleAssignments.bicep' = [ principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: managedInstance.id } }] diff --git a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep index be5cfb01a9..a3497ab19a 100644 --- a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: server }] diff --git a/modules/Microsoft.Sql/servers/deploy.bicep b/modules/Microsoft.Sql/servers/deploy.bicep index 85d606d785..cc0a4b8a4e 100644 --- a/modules/Microsoft.Sql/servers/deploy.bicep +++ b/modules/Microsoft.Sql/servers/deploy.bicep 
@@ -118,6 +118,8 @@ module server_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (role principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: server.id } }] diff --git a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep index 56e8999b5a..371dbb5d5b 100644 --- a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -75,6 +87,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: storageAccount }] diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep index fba6716e39..abebd6f7a3 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -66,6 +78,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: container }] diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep index 29562e5f9c..ac86988139 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/deploy.bicep 
@@ -77,6 +77,8 @@ module container_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: container.id } }] diff --git a/modules/Microsoft.Storage/storageAccounts/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/deploy.bicep index 5d24b21524..9289378ce9 100644 --- a/modules/Microsoft.Storage/storageAccounts/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/deploy.bicep @@ -275,6 +275,8 @@ module storageAccount_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: storageAccount.id } }] diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep index e20e219e6c..c04f53e73a 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep 
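Review bot: The fallback to `''` on the added `condition:` line means a `roleAssignments` item without a `condition` key, including one where the key is misspelled, deploys as an unconditional assignment with no error, since the nested module turns the empty string into `null`. That is a reasonable default, but because the condition is what restricts the grant, I would state it next to the line, e.g. `// No 'condition' key => the role assignment is created without a condition`, and in the readme's role-assignment usage section. `conditionVersion` is not forwarded here, so the nested parameter can only take its default. The same two lines are added in the other deploy.bicep hunks of this patch; the module block starts outside the hunk.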
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -75,6 +87,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: fileShare }] diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep index d1fff3cd7b..aae763c92d 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/deploy.bicep 
@@ -69,6 +69,8 @@ module fileShare_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (r principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: fileShare.id } }] diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep index 66911f4dd9..8c348d0802 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -72,6 +84,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: queue }] diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep index ef945796ff..fe8ce29f61 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep +++ b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/deploy.bicep @@ -52,6 +52,8 @@ module queue_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleA principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: queue.id } }] diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep index 810e105821..cacd538cdd 100644 --- a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: privateLinkHub }] diff --git a/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep b/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep index 7953f72058..1bfed5a231 100644 --- a/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep +++ b/modules/Microsoft.Synapse/privateLinkHubs/deploy.bicep 
@@ -62,6 +62,8 @@ module privateLinkHub_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: privateLinkHub.id } }] diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep index 1bd3d488bf..73d057c289 100644 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -48,6 +60,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: imageTemplate }] diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep index 5af926bba2..573f3a2a52 100644 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep +++ b/modules/Microsoft.VirtualMachineImages/imageTemplates/deploy.bicep @@ -171,6 +171,8 @@ module imageTemplate_roleAssignments '.bicep/nested_roleAssignments.bicep' = [fo principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: imageTemplate.id } }] diff --git a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep index e34dc1dff1..8dbd2f92b9 100644 --- a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: connection }] diff --git a/modules/Microsoft.Web/connections/deploy.bicep b/modules/Microsoft.Web/connections/deploy.bicep index cb7ee4b257..6c75c1bf42 100644 --- a/modules/Microsoft.Web/connections/deploy.bicep +++ b/modules/Microsoft.Web/connections/deploy.bicep 
@@ -89,6 +89,8 @@ module connection_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for ( principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: connection.id } }] diff --git a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep index 698394c2cf..0ef2a76c30 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -49,6 +61,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: appServiceEnvironment }] diff --git a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep index b93e5bd838..c48db682e0 100644 --- a/modules/Microsoft.Web/hostingEnvironments/deploy.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/deploy.bicep @@ -177,6 +177,8 @@ module appServiceEnvironment_roleAssignments '.bicep/nested_roleAssignments.bice principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: appServiceEnvironment.id } }] diff --git a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep index 459ca0ee20..987c0ee6b6 100644 --- a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep 
@@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') @@ -52,6 +64,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: appServicePlan }] diff --git a/modules/Microsoft.Web/serverfarms/deploy.bicep b/modules/Microsoft.Web/serverfarms/deploy.bicep index a9d9f988c2..02ba34d065 100644 --- a/modules/Microsoft.Web/serverfarms/deploy.bicep +++ b/modules/Microsoft.Web/serverfarms/deploy.bicep 
@@ -163,6 +163,8 @@ module appServicePlan_roleAssignments '.bicep/nested_roleAssignments.bicep' = [f principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: appServicePlan.id } }] diff --git a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep index ff31a44080..b51f6c00e4 100644 --- a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep @@ -21,6 +21,18 @@ param principalType string = '' @sys.description('Optional. The description of the role assignment.') param description string = '' +@sys.description('Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container"') +param condition string = '' + +@sys.description('Optional. Version of the condition.') +@allowed([ + '2.0' +]) +param conditionVersion string = '2.0' + +@sys.description('Optional. Id of the delegated managed identity resource.') +param delegatedManagedIdentityResourceId string = '' + var builtInRoleNames = { 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635') 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c') 
@@ -50,6 +62,9 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: app }] diff --git a/modules/Microsoft.Web/sites/deploy.bicep b/modules/Microsoft.Web/sites/deploy.bicep index 0c284bbf2e..d519dda124 100644 --- a/modules/Microsoft.Web/sites/deploy.bicep +++ b/modules/Microsoft.Web/sites/deploy.bicep @@ -251,6 +251,8 @@ module app_roleAssignments '.bicep/nested_roleAssignments.bicep' = [for (roleAss principalIds: roleAssignment.principalIds principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : '' roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName + condition: contains(roleAssignment, 'condition') ? roleAssignment.condition : '' + delegatedManagedIdentityResourceId: contains(roleAssignment, 'delegatedManagedIdentityResourceId') ? roleAssignment.delegatedManagedIdentityResourceId : '' resourceId: app.id } }] From 8894785a4152022e2527ed1a9f3439748213fcda Mon Sep 17 00:00:00 2001 From: MrMCake Date: Mon, 8 Aug 2022 20:12:42 +0200 Subject: [PATCH 3/5] Resolved several issues / warnings --- modules/Microsoft.Automation/automationAccounts/deploy.bicep | 1 + .../automationAccounts/jobSchedules/deploy.bicep | 2 +- .../automationAccounts/jobSchedules/readme.md | 2 +- .../networkInterfaces/.bicep/nested_roleAssignments.bicep | 5 ++++- .../Microsoft.Synapse/workspaces/.bicep/nested_cmkRbac.bicep | 2 +- modules/Microsoft.Synapse/workspaces/readme.md | 2 +- 6 files changed, 9 insertions(+), 5 deletions(-) 
diff --git a/modules/Microsoft.Automation/automationAccounts/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/deploy.bicep index 269c006d6c..95a8f89c29 100644 --- a/modules/Microsoft.Automation/automationAccounts/deploy.bicep +++ b/modules/Microsoft.Automation/automationAccounts/deploy.bicep @@ -242,6 +242,7 @@ module automationAccount_runbooks 'runbooks/deploy.bicep' = [for (runbook, index module automationAccount_jobSchedules 'jobSchedules/deploy.bicep' = [for (jobSchedule, index) in jobSchedules: { name: '${uniqueString(deployment().name, location)}-AutoAccount-JobSchedule-${index}' params: { + name: contains(jobSchedule, 'name') ? jobSchedule.name : uniqueString(name, subscription().id) automationAccountName: automationAccount.name runbookName: jobSchedule.runbookName scheduleName: jobSchedule.scheduleName diff --git a/modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep b/modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep index d0e4961052..4739908f63 100644 --- a/modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep +++ b/modules/Microsoft.Automation/automationAccounts/jobSchedules/deploy.bicep @@ -1,5 +1,5 @@ @description('Optional. Name of the Automation Account job schedule. Must be a GUID. If not provided, a new GUID is generated.') -param name string = newGuid() +param name string = uniqueString(automationAccountName, subscription().id) @description('Conditional. The name of the parent Automation Account. Required if the template is used in a standalone deployment.') param automationAccountName string diff --git a/modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md b/modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md index f859ea827c..826eb55954 100644 --- a/modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md +++ b/modules/Microsoft.Automation/automationAccounts/jobSchedules/readme.md 
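Review bot: The new fallback `uniqueString(name, subscription().id)` in the `automationAccount_jobSchedules` loop does not depend on the loop item, so every `jobSchedule` entry without a `name` receives the same value and two such entries would collide. The new default in jobSchedules/deploy.bicep (next hunk) has the same property, and both return a 13-character hash although the description kept as context there still says the name must be a GUID. If the goal is a deterministic value instead of `newGuid()`, `guid(automationAccount.id, jobSchedule.runbookName, jobSchedule.scheduleName)` here and `guid(automationAccountName, runbookName, scheduleName)` as the child default keep the GUID format; this assumes the child module declares `runbookName` and `scheduleName`, as the call here suggests. The parameter description and the readme row would need the same update. The module block starts and ends outside the hunk.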
@@ -31,7 +31,7 @@ This module deploys an Azure Automation Account Job Schedule. | Parameter Name | Type | Default Value | Description | | :-- | :-- | :-- | :-- | | `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[newGuid()]` | Name of the Automation Account job schedule. Must be a GUID. If not provided, a new GUID is generated. | +| `name` | string | `[uniqueString(parameters('automationAccountName'), subscription().id)]` | Name of the Automation Account job schedule. Must be a GUID. If not provided, a new GUID is generated. | | `parameters` | object | `{object}` | List of job properties. | | `runOn` | string | `''` | The hybrid worker group that the scheduled job should run on. | diff --git a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep index 8e1f75c6df..d477262fe5 100644 --- a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep @@ -69,7 +69,10 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-prev description: description roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName principalId: principalId - principalType: any(!empty(principalType) ? principalType : null) + principalType: !empty(principalType) ? any(principalType) : null + condition: !empty(condition) ? condition : null + conditionVersion: !empty(conditionVersion) ? conditionVersion : null + delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null } scope: networkInterface }] 
diff --git a/modules/Microsoft.Synapse/workspaces/.bicep/nested_cmkRbac.bicep b/modules/Microsoft.Synapse/workspaces/.bicep/nested_cmkRbac.bicep index 4c30fb8494..716a02a3d8 100644 --- a/modules/Microsoft.Synapse/workspaces/.bicep/nested_cmkRbac.bicep +++ b/modules/Microsoft.Synapse/workspaces/.bicep/nested_cmkRbac.bicep @@ -8,7 +8,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = { } // Assign RBAC role Key Vault Crypto User -resource workspace_cmk_rbac 'Microsoft.Authorization/roleAssignments@2021-04-01-preview' = if (usesRbacAuthorization) { +resource workspace_cmk_rbac 'Microsoft.Authorization/roleAssignments@2022-04-01' = if (usesRbacAuthorization) { name: '${workspaceIdentity}-cmk-rbac' properties: { roleDefinitionId: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '12338af0-0e69-4776-bea7-57ae8d297424') diff --git a/modules/Microsoft.Synapse/workspaces/readme.md b/modules/Microsoft.Synapse/workspaces/readme.md index 3a3635bf0d..b0960812ec 100644 --- a/modules/Microsoft.Synapse/workspaces/readme.md +++ b/modules/Microsoft.Synapse/workspaces/readme.md 
@@ -14,7 +14,7 @@ This module deploys a Synapse Workspace.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2021-04-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.KeyVault/vaults/accessPolicies` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) |
From 0a1d674d62feb658a2cf066adf975b46111f0d2f Mon Sep 17 00:00:00 2001
From: MrMCake Date: Mon, 8 Aug 2022 20:56:07 +0200 Subject: [PATCH 4/5] Updated further RBAC implementations --- .../roleAssignments-multiRolesMultiPrincipals/readme.md | 2 +- constructs/Microsoft.Compute/virtualMachinesMultiple/readme.md | 2 +- docs/wiki/The library - Module design.md | 2 +- .../DomainServices/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.AAD/DomainServices/readme.md | 2 +- .../servers/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.AnalysisServices/servers/readme.md | 2 +- .../service/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.ApiManagement/service/readme.md | 2 +- .../configurationStores/.bicep/nested_roleAssignments.bicep | 2 +- .../keyValues/.bicep/nested_roleAssignments.bicep | 2 +- .../Microsoft.AppConfiguration/configurationStores/readme.md | 2 +- .../policyAssignments/managementGroup/deploy.bicep | 2 +- .../policyAssignments/managementGroup/readme.md | 2 +- modules/Microsoft.Authorization/policyAssignments/readme.md | 2 +- .../policyAssignments/resourceGroup/deploy.bicep | 2 +- .../policyAssignments/resourceGroup/readme.md | 2 +- .../policyAssignments/subscription/deploy.bicep | 2 +- .../policyAssignments/subscription/readme.md | 2 +- .../roleAssignments/managementGroup/deploy.bicep | 2 +- .../roleAssignments/managementGroup/readme.md | 2 +- modules/Microsoft.Authorization/roleAssignments/readme.md | 2 +- .../roleAssignments/resourceGroup/deploy.bicep | 2 +- .../roleAssignments/resourceGroup/readme.md | 2 +- .../roleAssignments/subscription/deploy.bicep | 2 +- .../roleAssignments/subscription/readme.md | 2 +- .../automationAccounts/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Automation/automationAccounts/readme.md | 2 +- modules/Microsoft.Batch/batchAccounts/readme.md | 2 +- modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep | 2 +- modules/Microsoft.Cache/redis/readme.md | 2 +- .../accounts/.bicep/nested_roleAssignments.bicep | 2 +- 
modules/Microsoft.CognitiveServices/accounts/readme.md | 2 +- .../availabilitySets/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/availabilitySets/readme.md | 2 +- .../diskEncryptionSets/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/diskEncryptionSets/readme.md | 2 +- .../Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/disks/readme.md | 2 +- .../galleries/.bicep/nested_roleAssignments.bicep | 2 +- .../galleries/images/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/galleries/images/readme.md | 2 +- modules/Microsoft.Compute/galleries/readme.md | 2 +- .../images/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/images/readme.md | 2 +- .../.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/proximityPlacementGroups/readme.md | 2 +- .../virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/virtualMachineScaleSets/readme.md | 2 +- .../virtualMachines/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Compute/virtualMachines/readme.md | 2 +- .../registries/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.ContainerRegistry/registries/readme.md | 2 +- .../managedClusters/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.ContainerService/managedClusters/readme.md | 2 +- .../factories/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.DataFactory/factories/readme.md | 2 +- .../backupVaults/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.DataProtection/backupVaults/readme.md | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Databricks/workspaces/readme.md | 2 +- .../applicationgroups/.bicep/nested_roleAssignments.bicep | 2 +- .../Microsoft.DesktopVirtualization/applicationgroups/readme.md | 2 +- .../hostpools/.bicep/nested_roleAssignments.bicep | 2 +- 
modules/Microsoft.DesktopVirtualization/hostpools/readme.md | 2 +- .../scalingplans/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.DesktopVirtualization/scalingplans/readme.md | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.DesktopVirtualization/workspaces/readme.md | 2 +- .../databaseAccounts/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.DocumentDB/databaseAccounts/readme.md | 2 +- .../systemTopics/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.EventGrid/systemTopics/readme.md | 2 +- .../topics/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.EventGrid/topics/readme.md | 2 +- .../namespaces/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/eventhubs/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.EventHub/namespaces/eventhubs/readme.md | 2 +- modules/Microsoft.EventHub/namespaces/readme.md | 2 +- .../healthBots/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.HealthBot/healthBots/readme.md | 2 +- .../actionGroups/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Insights/actionGroups/readme.md | 2 +- .../activityLogAlerts/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Insights/activityLogAlerts/readme.md | 2 +- .../components/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Insights/components/readme.md | 2 +- .../metricAlerts/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Insights/metricAlerts/readme.md | 2 +- .../privateLinkScopes/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Insights/privateLinkScopes/readme.md | 2 +- .../scheduledQueryRules/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Insights/scheduledQueryRules/readme.md | 2 +- .../vaults/.bicep/nested_roleAssignments.bicep | 2 +- .../vaults/keys/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.KeyVault/vaults/keys/readme.md | 2 +- modules/Microsoft.KeyVault/vaults/readme.md | 2 +- 
.../vaults/secrets/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.KeyVault/vaults/secrets/readme.md | 2 +- .../workflows/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Logic/workflows/readme.md | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.MachineLearningServices/workspaces/readme.md | 2 +- .../userAssignedIdentities/.bicep/nested_roleAssignments.bicep | 2 +- .../Microsoft.ManagedIdentity/userAssignedIdentities/readme.md | 2 +- .../netAppAccounts/.bicep/nested_roleAssignments.bicep | 2 +- .../capacityPools/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md | 2 +- .../capacityPools/volumes/.bicep/nested_roleAssignments.bicep | 2 +- .../netAppAccounts/capacityPools/volumes/readme.md | 2 +- modules/Microsoft.NetApp/netAppAccounts/readme.md | 2 +- .../applicationGateways/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/applicationGateways/readme.md | 2 +- .../.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/applicationSecurityGroups/readme.md | 2 +- .../azureFirewalls/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/azureFirewalls/readme.md | 2 +- .../bastionHosts/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/bastionHosts/readme.md | 2 +- .../ddosProtectionPlans/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/ddosProtectionPlans/readme.md | 2 +- .../expressRouteCircuits/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/expressRouteCircuits/readme.md | 2 +- .../frontDoors/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/frontDoors/readme.md | 2 +- .../ipGroups/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/ipGroups/readme.md | 2 +- .../loadBalancers/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/loadBalancers/readme.md | 2 +- 
.../localNetworkGateways/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/localNetworkGateways/readme.md | 2 +- .../natGateways/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/natGateways/readme.md | 2 +- .../networkInterfaces/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/networkInterfaces/readme.md | 2 +- .../networkSecurityGroups/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/networkSecurityGroups/readme.md | 2 +- .../networkWatchers/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/networkWatchers/readme.md | 2 +- .../privateDnsZones/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/A/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/A/readme.md | 2 +- .../privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/AAAA/readme.md | 2 +- .../privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/CNAME/readme.md | 2 +- .../privateDnsZones/MX/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/MX/readme.md | 2 +- .../privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/PTR/readme.md | 2 +- .../privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/SOA/readme.md | 2 +- .../privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/SRV/readme.md | 2 +- .../privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateDnsZones/TXT/readme.md | 2 +- modules/Microsoft.Network/privateDnsZones/readme.md | 2 +- .../privateEndpoints/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/privateEndpoints/readme.md | 2 +- .../publicIPAddresses/.bicep/nested_roleAssignments.bicep | 2 +- 
modules/Microsoft.Network/publicIPAddresses/readme.md | 2 +- .../publicIPPrefixes/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/publicIPPrefixes/readme.md | 2 +- .../routeTables/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/routeTables/readme.md | 2 +- .../trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/trafficmanagerprofiles/readme.md | 2 +- .../virtualNetworkGateways/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/virtualNetworkGateways/readme.md | 2 +- .../virtualNetworks/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/virtualNetworks/readme.md | 2 +- .../virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/virtualNetworks/subnets/readme.md | 2 +- .../virtualWans/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/virtualWans/readme.md | 2 +- .../vpnSites/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Network/vpnSites/readme.md | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.OperationalInsights/workspaces/readme.md | 2 +- .../vaults/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.RecoveryServices/vaults/readme.md | 2 +- .../resourceGroups/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Resources/resourceGroups/readme.md | 2 +- .../namespaces/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/queues/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.ServiceBus/namespaces/queues/readme.md | 2 +- modules/Microsoft.ServiceBus/namespaces/readme.md | 2 +- .../namespaces/topics/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.ServiceBus/namespaces/topics/readme.md | 2 +- .../Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep | 2 +- modules/Microsoft.SignalRService/webPubSub/readme.md | 2 +- .../managedInstances/.bicep/nested_roleAssignments.bicep | 2 +- 
modules/Microsoft.Sql/managedInstances/readme.md | 2 +- .../Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Sql/servers/readme.md | 2 +- .../storageAccounts/.bicep/nested_roleAssignments.bicep | 2 +- .../blobServices/containers/.bicep/nested_roleAssignments.bicep | 2 +- .../storageAccounts/blobServices/containers/readme.md | 2 +- .../Microsoft.Storage/storageAccounts/blobServices/readme.md | 2 +- .../Microsoft.Storage/storageAccounts/fileServices/readme.md | 2 +- .../fileServices/shares/.bicep/nested_roleAssignments.bicep | 2 +- .../storageAccounts/fileServices/shares/readme.md | 2 +- .../queueServices/queues/.bicep/nested_roleAssignments.bicep | 2 +- .../storageAccounts/queueServices/queues/readme.md | 2 +- .../Microsoft.Storage/storageAccounts/queueServices/readme.md | 2 +- modules/Microsoft.Storage/storageAccounts/readme.md | 2 +- .../privateLinkHubs/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Synapse/privateLinkHubs/readme.md | 2 +- modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep | 2 +- modules/Microsoft.Synapse/workspaces/readme.md | 2 +- .../imageTemplates/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md | 2 +- .../connections/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Web/connections/readme.md | 2 +- .../hostingEnvironments/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Web/hostingEnvironments/readme.md | 2 +- .../serverfarms/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Web/serverfarms/readme.md | 2 +- modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Web/sites/readme.md | 2 +- .../staticSites/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Web/staticSites/readme.md | 2 +- utilities/tools/Get-LinkedModuleList.ps1 | 2 +- 223 files changed, 223 insertions(+), 223 deletions(-) 
diff --git a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md
index 33de0faaef..276ba09b4a 100644
--- a/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md
+++ b/constructs/Microsoft.Authorization/roleAssignments-multiRolesMultiPrincipals/readme.md
@@ -13,7 +13,7 @@ This module deploys Role Assignments.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/constructs/Microsoft.Compute/virtualMachinesMultiple/readme.md b/constructs/Microsoft.Compute/virtualMachinesMultiple/readme.md
index 42548137ef..758b2eb951 100644
--- a/constructs/Microsoft.Compute/virtualMachinesMultiple/readme.md
+++ b/constructs/Microsoft.Compute/virtualMachinesMultiple/readme.md
@@ -13,7 +13,7 @@ This module deploys one or multiple Virtual Machines. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Automanage/configurationProfileAssignments` | [2021-04-30-preview](https://docs.microsoft.com/en-us/azure/templates) | | `Microsoft.Compute/virtualMachines` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines) | | `Microsoft.Compute/virtualMachines/extensions` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines/extensions) | diff --git a/docs/wiki/The library - Module design.md b/docs/wiki/The library - Module design.md index 800e158f27..28fc71a331 100644 --- a/docs/wiki/The library - Module design.md +++ b/docs/wiki/The library - Module design.md @@ -227,7 +227,7 @@ resource '/@.id, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep index ae4435779e..969156b15c 100644 --- a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep 
@@ -70,7 +70,7 @@ resource AzureADDS 'Microsoft.AAD/DomainServices@2021-05-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(AzureADDS.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.AAD/DomainServices/readme.md b/modules/Microsoft.AAD/DomainServices/readme.md
index d534a730f4..45eef30410 100644
--- a/modules/Microsoft.AAD/DomainServices/readme.md
+++ b/modules/Microsoft.AAD/DomainServices/readme.md
@@ -16,7 +16,7 @@ This template deploys Azure Active Directory Domain Services (AADDS).
 | :-- | :-- |
 | `Microsoft.AAD/domainServices` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AAD/2021-05-01/domainServices) |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 ## Parameters
diff --git a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep
index c04012fc46..c3821f8b9a 100644
--- a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep
@@ -53,7 +53,7 @@ resource server 'Microsoft.AnalysisServices/servers@2017-08-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(server.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.AnalysisServices/servers/readme.md b/modules/Microsoft.AnalysisServices/servers/readme.md
index 8cf4e035df..9e7e2ac350 100644
--- a/modules/Microsoft.AnalysisServices/servers/readme.md
+++ b/modules/Microsoft.AnalysisServices/servers/readme.md
@@ -15,7 +15,7 @@ This module deploys an Analysis Services Server.
 | :-- | :-- |
 | `Microsoft.AnalysisServices/servers` | [2017-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AnalysisServices/2017-08-01/servers) |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 ## Parameters
diff --git a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep
index 5210f6832f..d182b08972 100644
--- a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource service 'Microsoft.ApiManagement/service@2020-12-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(service.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.ApiManagement/service/readme.md b/modules/Microsoft.ApiManagement/service/readme.md
index 51dc87115d..a9e6adefa0 100644
--- a/modules/Microsoft.ApiManagement/service/readme.md
+++ b/modules/Microsoft.ApiManagement/service/readme.md
@@ -30,7 +30,7 @@ This module deploys an API management service.
 | `Microsoft.ApiManagement/service/products/groups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/products/groups) |
 | `Microsoft.ApiManagement/service/subscriptions` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ApiManagement/2021-08-01/service/subscriptions) |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 ## Parameters
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep
index 521bc93ee3..89f0f16520 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep
@@ -55,7 +55,7 @@ resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2021-1
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(appConfiguration.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep
index 095aca3c11..44de91061d 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AppConfiguration/configurationStores/keyValues/.bicep/nested_roleAssignments.bicep
@@ -55,7 +55,7 @@ resource appConfiguration 'Microsoft.AppConfiguration/configurationStores@2021-1
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(appConfiguration.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/readme.md b/modules/Microsoft.AppConfiguration/configurationStores/readme.md
index 0ca1f373ad..2985e2ae23 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/readme.md
+++ b/modules/Microsoft.AppConfiguration/configurationStores/readme.md
@@ -16,7 +16,7 @@ This module deploys an App Configuration Store.
 | `Microsoft.AppConfiguration/configurationStores` | [2021-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2021-10-01-preview/configurationStores) |
 | `Microsoft.AppConfiguration/configurationStores/keyValues` | [2021-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.AppConfiguration/2021-10-01-preview/configurationStores/keyValues) |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) |
diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
index 9c491f4ac8..a0ba11b562 100644
--- a/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/managementGroup/deploy.bicep
@@ -94,7 +94,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01'
 identity: identity_var
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity == 'SystemAssigned') {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity == 'SystemAssigned') {
 name: guid(managementGroupId, roleDefinitionId, location, name)
 properties: {
 roleDefinitionId: roleDefinitionId
diff --git a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md
index cddd198d17..65a5bf0a60 100644
--- a/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md
+++ b/modules/Microsoft.Authorization/policyAssignments/managementGroup/readme.md
@@ -13,7 +13,7 @@ With this module you can perform policy assignments on a management group level.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/policyAssignments` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyAssignments) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/policyAssignments/readme.md b/modules/Microsoft.Authorization/policyAssignments/readme.md
index 3ecaaa5184..c3e59f50d7 100644
--- a/modules/Microsoft.Authorization/policyAssignments/readme.md
+++ b/modules/Microsoft.Authorization/policyAssignments/readme.md
@@ -15,7 +15,7 @@ With this module you can perform policy assignments across the management group,
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/policyAssignments` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyAssignments) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep
index 2cd0edbf87..0f5bf6fcf5 100644
--- a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/deploy.bicep
@@ -96,7 +96,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01'
 identity: identity_var
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity == 'SystemAssigned') {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity == 'SystemAssigned') {
 name: guid(subscriptionId, resourceGroupName, roleDefinitionId, location, name)
 properties: {
 roleDefinitionId: roleDefinitionId
diff --git a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md
index 6abf22a61f..2543eb41c5 100644
--- a/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md
+++ b/modules/Microsoft.Authorization/policyAssignments/resourceGroup/readme.md
@@ -13,7 +13,7 @@ With this module you can perform policy assignments on a resource group level
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/policyAssignments` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyAssignments) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
index 3da57a2b4c..0375ee6be6 100644
--- a/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
+++ b/modules/Microsoft.Authorization/policyAssignments/subscription/deploy.bicep
@@ -94,7 +94,7 @@ resource policyAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01'
 identity: identity_var
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity == 'SystemAssigned') {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for roleDefinitionId in roleDefinitionIds: if (!empty(roleDefinitionIds) && identity == 'SystemAssigned') {
 name: guid(subscriptionId, roleDefinitionId, location, name)
 properties: {
 roleDefinitionId: roleDefinitionId
diff --git a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md
index 2eb4d38acb..1fed382313 100644
--- a/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md
+++ b/modules/Microsoft.Authorization/policyAssignments/subscription/readme.md
@@ -13,7 +13,7 @@ With this module you can perform policy assignments on a subscription level.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/policyAssignments` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyAssignments) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep
index 20a01686bd..91b07265c9 100644
--- a/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep
+++ b/modules/Microsoft.Authorization/roleAssignments/managementGroup/deploy.bicep
@@ -340,7 +340,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
 }
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
 name: guid(managementGroupId, roleDefinitionId_var, principalId)
 properties: {
 roleDefinitionId: roleDefinitionId_var
diff --git a/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md b/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md
index 58a7e80259..d9f63b01c3 100644
--- a/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md
+++ b/modules/Microsoft.Authorization/roleAssignments/managementGroup/readme.md
@@ -12,7 +12,7 @@ With this module you can perform role assignments on a management group level
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/roleAssignments/readme.md b/modules/Microsoft.Authorization/roleAssignments/readme.md
index c291efc442..1f11d96d67 100644
--- a/modules/Microsoft.Authorization/roleAssignments/readme.md
+++ b/modules/Microsoft.Authorization/roleAssignments/readme.md
@@ -15,7 +15,7 @@ This module deploys Role Assignments across the management group, subscription o
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep
index e5cd422e5a..ce78371514 100644
--- a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep
+++ b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/deploy.bicep
@@ -339,7 +339,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
 }
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
 name: guid(subscriptionId, resourceGroupName, roleDefinitionId_var, principalId)
 properties: {
 roleDefinitionId: roleDefinitionId_var
diff --git a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md
index be4092bbe0..a1d92f5ec2 100644
--- a/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md
+++ b/modules/Microsoft.Authorization/roleAssignments/resourceGroup/readme.md
@@ -12,7 +12,7 @@ With this module you can perform role assignments on a resource group level
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep b/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep
index 2a8927bfca..ae2b4a4f8b 100644
--- a/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep
+++ b/modules/Microsoft.Authorization/roleAssignments/subscription/deploy.bicep
@@ -340,7 +340,7 @@ resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (ena
 var roleDefinitionId_var = (contains(builtInRoleNames_var, roleDefinitionIdOrName) ? builtInRoleNames_var[roleDefinitionIdOrName] : roleDefinitionIdOrName)
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = {
 name: guid(subscriptionId, roleDefinitionId_var, principalId)
 properties: {
 roleDefinitionId: roleDefinitionId_var
diff --git a/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md b/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md
index 537f5687b6..8c7738f8d3 100644
--- a/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md
+++ b/modules/Microsoft.Authorization/roleAssignments/subscription/readme.md
@@ -12,7 +12,7 @@ With this module you can perform role assignments on a subscription level
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 ## Parameters
diff --git a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep
index 374d5fafd8..0f5c709b48 100644
--- a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep
@@ -57,7 +57,7 @@ resource automationAccount 'Microsoft.Automation/automationAccounts@2020-01-13-p
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(automationAccount.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Automation/automationAccounts/readme.md b/modules/Microsoft.Automation/automationAccounts/readme.md
index f17873b667..adadd69ac6 100644
--- a/modules/Microsoft.Automation/automationAccounts/readme.md
+++ b/modules/Microsoft.Automation/automationAccounts/readme.md
@@ -14,7 +14,7 @@ This module deploys an Azure Automation Account.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Automation/automationAccounts` | [2020-01-13-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts) |
 | `Microsoft.Automation/automationAccounts/jobSchedules` | [2020-01-13-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/jobSchedules) |
 | `Microsoft.Automation/automationAccounts/modules` | [2020-01-13-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Automation/2020-01-13-preview/automationAccounts/modules) |
diff --git a/modules/Microsoft.Batch/batchAccounts/readme.md b/modules/Microsoft.Batch/batchAccounts/readme.md
index ed14d06b4e..2fb3b51387 100644
--- a/modules/Microsoft.Batch/batchAccounts/readme.md
+++ b/modules/Microsoft.Batch/batchAccounts/readme.md
@@ -12,7 +12,7 @@
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Batch/batchAccounts` | [2022-01-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Batch/2022-01-01/batchAccounts) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) |
diff --git a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
index 27d601b09a..b56c043ed5 100644
--- a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
+++ b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
@@ -54,7 +54,7 @@ resource redisCache 'Microsoft.Cache/redis@2021-06-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(redisCache.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Cache/redis/readme.md b/modules/Microsoft.Cache/redis/readme.md
index 3170da5774..44b17d64c3 100644
--- a/modules/Microsoft.Cache/redis/readme.md
+++ b/modules/Microsoft.Cache/redis/readme.md
@@ -14,7 +14,7 @@ This module deploys a Redis Cache service.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Cache/redis` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Cache/2021-06-01/redis) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) |
diff --git a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
index 5e8e6c85f7..03b0116304 100644
--- a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource account 'Microsoft.CognitiveServices/accounts@2017-04-18' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(account.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.CognitiveServices/accounts/readme.md b/modules/Microsoft.CognitiveServices/accounts/readme.md
index 4bcdfd1ba7..626a215976 100644
--- a/modules/Microsoft.CognitiveServices/accounts/readme.md
+++ b/modules/Microsoft.CognitiveServices/accounts/readme.md
@@ -15,7 +15,7 @@ This module deploys different kinds of cognitive services resources
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.CognitiveServices/accounts` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.CognitiveServices/2021-10-01/accounts) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) |
diff --git a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
index 684faeefc3..196c3ca1b7 100644
--- a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource availabilitySet 'Microsoft.Compute/availabilitySets@2021-04-01' existin
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(availabilitySet.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/availabilitySets/readme.md b/modules/Microsoft.Compute/availabilitySets/readme.md
index baca2a5e2c..7df260c8e3 100644
--- a/modules/Microsoft.Compute/availabilitySets/readme.md
+++ b/modules/Microsoft.Compute/availabilitySets/readme.md
@@ -14,7 +14,7 @@ This template deploys an availability set
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/availabilitySets` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/availabilitySets) |
 ## Parameters
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
index b4455a41b5..1bf27de755 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
@@ -59,7 +59,7 @@ resource diskEncryptionSet 'Microsoft.Compute/diskEncryptionSets@2020-12-01' exi
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(diskEncryptionSet.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/readme.md b/modules/Microsoft.Compute/diskEncryptionSets/readme.md
index d3099a7366..177bb90d81 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/readme.md
+++ b/modules/Microsoft.Compute/diskEncryptionSets/readme.md
@@ -13,7 +13,7 @@ This template deploys a disk encryption set.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/diskEncryptionSets` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/diskEncryptionSets) |
 | `Microsoft.KeyVault/vaults/accessPolicies` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) |
diff --git a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep
index 5e0f991a9b..22ce98e76d 100644
--- a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep
@@ -60,7 +60,7 @@ resource disk 'Microsoft.Compute/disks@2021-08-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(disk.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/disks/readme.md b/modules/Microsoft.Compute/disks/readme.md
index 5aa88f45cf..572f3a04b0 100644
--- a/modules/Microsoft.Compute/disks/readme.md
+++ b/modules/Microsoft.Compute/disks/readme.md
@@ -14,7 +14,7 @@ This template deploys a disk
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/disks` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-08-01/disks) |
 ## Parameters
diff --git a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep
index 9224a82908..2c8d5fc71e 100644
--- a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep
@@ -55,7 +55,7 @@ resource gallery 'Microsoft.Compute/galleries@2021-10-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(gallery.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
index 1446438bb3..c1b4195dad 100644
--- a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
@@ -57,7 +57,7 @@ resource galleryImage 'Microsoft.Compute/galleries/images@2021-10-01' existing =
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(galleryImage.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/galleries/images/readme.md b/modules/Microsoft.Compute/galleries/images/readme.md
index 5fb68dc021..38ac87e725 100644
--- a/modules/Microsoft.Compute/galleries/images/readme.md
+++ b/modules/Microsoft.Compute/galleries/images/readme.md
@@ -12,7 +12,7 @@ This module deploys an Image Definition in a Shared Image Gallery.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/galleries/images` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-10-01/galleries/images) |
 ## Parameters
diff --git a/modules/Microsoft.Compute/galleries/readme.md b/modules/Microsoft.Compute/galleries/readme.md
index 57540f8b65..56f03883b6 100644
--- a/modules/Microsoft.Compute/galleries/readme.md
+++ b/modules/Microsoft.Compute/galleries/readme.md
@@ -14,7 +14,7 @@ This module deploys an Azure compute gallery (formerly known as shared image gal
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/galleries` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-10-01/galleries) |
 | `Microsoft.Compute/galleries/images` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-10-01/galleries/images) |
diff --git a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
index f55ec89ba4..b94415bb61 100644
--- a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
@@ -57,7 +57,7 @@ resource image 'Microsoft.Compute/images@2021-04-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(image.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/images/readme.md b/modules/Microsoft.Compute/images/readme.md
index 9933b90a5e..df85938fde 100644
--- a/modules/Microsoft.Compute/images/readme.md
+++ b/modules/Microsoft.Compute/images/readme.md
@@ -13,7 +13,7 @@ This module deploys a compute image.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/images` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/images) |
 ## Parameters
diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
index f238858e71..96c33701c3 100644
--- a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
@@ -59,7 +59,7 @@ resource proximityPlacementGroup 'Microsoft.Compute/proximityPlacementGroups@202
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(proximityPlacementGroup.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/readme.md b/modules/Microsoft.Compute/proximityPlacementGroups/readme.md
index a41617a5d2..1c6725e023 100644
--- a/modules/Microsoft.Compute/proximityPlacementGroups/readme.md
+++ b/modules/Microsoft.Compute/proximityPlacementGroups/readme.md
@@ -14,7 +14,7 @@ This template deploys a proximity placement group.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Compute/proximityPlacementGroups` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/proximityPlacementGroups) |
 ## Parameters
diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep
index e7aacccc1a..0a7254416b 100644
--- a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep
@@ -60,7 +60,7 @@ resource vmss 'Microsoft.Compute/virtualMachineScaleSets@2021-04-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(vmss.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md index 9cddb93d63..88164aa8d4 100644 --- a/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md +++ b/modules/Microsoft.Compute/virtualMachineScaleSets/readme.md @@ -14,7 +14,7 @@ This module deploys a virtual machine scale set. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Compute/virtualMachineScaleSets` | [2021-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-04-01/virtualMachineScaleSets) | | `Microsoft.Compute/virtualMachineScaleSets/extensions` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachineScaleSets/extensions) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | 
diff --git a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep index 749989dbbd..cfc53c66a5 100644 --- a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep @@ -61,7 +61,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2021-07-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(virtualMachine.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Compute/virtualMachines/readme.md b/modules/Microsoft.Compute/virtualMachines/readme.md index 67261c0e0d..e72ffd5ec8 100644 --- a/modules/Microsoft.Compute/virtualMachines/readme.md +++ b/modules/Microsoft.Compute/virtualMachines/readme.md 
@@ -15,7 +15,7 @@ This module deploys one Virtual Machine with one or multiple nics and optionally | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Automanage/configurationProfileAssignments` | [2021-04-30-preview](https://docs.microsoft.com/en-us/azure/templates) | | `Microsoft.Compute/virtualMachines` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines) | | `Microsoft.Compute/virtualMachines/extensions` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Compute/2021-07-01/virtualMachines/extensions) | diff --git a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep index b2a788f293..f9fb59ebd9 100644 --- a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep @@ -62,7 +62,7 @@ resource registry 'Microsoft.ContainerRegistry/registries@2021-09-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(registry.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.ContainerRegistry/registries/readme.md b/modules/Microsoft.ContainerRegistry/registries/readme.md index 9875c6917e..03a9a6ebeb 100644 --- a/modules/Microsoft.ContainerRegistry/registries/readme.md +++ b/modules/Microsoft.ContainerRegistry/registries/readme.md @@ -14,7 +14,7 @@ Azure Container Registry is a managed, private Docker registry service based on | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ContainerRegistry/registries` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-09-01/registries) | | `Microsoft.ContainerRegistry/registries/replications` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/replications) | | `Microsoft.ContainerRegistry/registries/webhooks` | [2021-12-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerRegistry/2021-12-01-preview/registries/webhooks) | diff --git a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep index bb0ddccd90..4d24fed366 100644 --- a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep 
@@ -62,7 +62,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2022-04-02-p name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(managedCluster.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.ContainerService/managedClusters/readme.md b/modules/Microsoft.ContainerService/managedClusters/readme.md index 2f370bc747..6fef89b47f 100644 --- a/modules/Microsoft.ContainerService/managedClusters/readme.md +++ b/modules/Microsoft.ContainerService/managedClusters/readme.md @@ -14,7 +14,7 @@ This module deploys Azure Kubernetes Cluster (AKS). | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ContainerService/managedClusters` | [2022-04-02-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2022-04-02-preview/managedClusters) | | `Microsoft.ContainerService/managedClusters/agentPools` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ContainerService/2021-08-01/managedClusters/agentPools) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | 
diff --git a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep index 458c9aa84e..7fbe277115 100644 --- a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep @@ -54,7 +54,7 @@ resource dataFactory 'Microsoft.DataFactory/factories@2018-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(dataFactory.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.DataFactory/factories/readme.md b/modules/Microsoft.DataFactory/factories/readme.md index 643b3aca33..36407d820b 100644 --- a/modules/Microsoft.DataFactory/factories/readme.md +++ b/modules/Microsoft.DataFactory/factories/readme.md 
@@ -12,7 +12,7 @@ | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DataFactory/factories` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories) | | `Microsoft.DataFactory/factories/integrationRuntimes` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/integrationRuntimes) | | `Microsoft.DataFactory/factories/managedVirtualNetworks` | [2018-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataFactory/2018-06-01/factories/managedVirtualNetworks) | diff --git a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep index 874599d60f..4270d7a6b0 100644 --- a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep @@ -43,7 +43,7 @@ resource backupVault 'Microsoft.DataProtection/backupVaults@2022-03-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(backupVault.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.DataProtection/backupVaults/readme.md b/modules/Microsoft.DataProtection/backupVaults/readme.md index 987bb7a359..785c66f9b0 100644 --- a/modules/Microsoft.DataProtection/backupVaults/readme.md +++ b/modules/Microsoft.DataProtection/backupVaults/readme.md @@ -14,7 +14,7 @@ This module deploys DataProtection BackupVaults. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DataProtection/backupVaults` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/2022-03-01/backupVaults) | | `Microsoft.DataProtection/backupVaults/backupPolicies` | [2022-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DataProtection/2022-03-01/backupVaults/backupPolicies) | diff --git a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep index 63a7d73b34..7e78cd0bd9 100644 --- a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource workspace 'Microsoft.Databricks/workspaces@2018-04-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(workspace.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Databricks/workspaces/readme.md b/modules/Microsoft.Databricks/workspaces/readme.md index 2c39906f46..e4015c3df4 100644 --- a/modules/Microsoft.Databricks/workspaces/readme.md +++ b/modules/Microsoft.Databricks/workspaces/readme.md @@ -12,7 +12,7 @@ | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Databricks/workspaces` | [2018-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Databricks/2018-04-01/workspaces) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep index 36bd515bbf..dd92120ee9 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep 
+++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep @@ -61,7 +61,7 @@ resource appGroup 'Microsoft.DesktopVirtualization/applicationgroups@2021-07-12' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(appGroup.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md index c6556476f8..45d92f108c 100644 --- a/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md +++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/readme.md 
@@ -14,7 +14,7 @@ This module deploys an Azure virtual desktop application group. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DesktopVirtualization/applicationGroups` | [2021-07-12](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups) | | `Microsoft.DesktopVirtualization/applicationGroups/applications` | [2021-07-12](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/applicationGroups/applications) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep index 238c84376f..cba575d90a 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep 
@@ -62,7 +62,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(hostPool.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md index 1dcd6ca374..e89cf83c7c 100644 --- a/modules/Microsoft.DesktopVirtualization/hostpools/readme.md +++ b/modules/Microsoft.DesktopVirtualization/hostpools/readme.md @@ -14,7 +14,7 @@ This module deploys an Azure virtual desktop host pool. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DesktopVirtualization/hostPools` | [2021-07-12](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/hostPools) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep index 238c84376f..cba575d90a 100644 
--- a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep @@ -62,7 +62,7 @@ resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' existin name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(hostPool.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md index 67dde7adff..6667441d7f 100644 --- a/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md +++ b/modules/Microsoft.DesktopVirtualization/scalingplans/readme.md @@ -13,7 +13,7 @@ This module deploys an AVD Scaling Plan. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DesktopVirtualization/scalingPlans` | [2021-09-03-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-09-03-preview/scalingPlans) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | 
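Review bot: In `scalingplans/.bicep/nested_roleAssignments.bicep` the assignment is still built on `resource hostPool 'Microsoft.DesktopVirtualization/hostpools@2021-07-12' existing` and named with `guid(hostPool.id, ...)`, and the index line (`238c84376f..cba575d90a`) matches the hostpools module's copy of this file exactly. If the `scope:` line, which lies outside this hunk, also refers to `hostPool`, the role would be granted on a host pool that happens to share the scaling plan's name, or the deployment would fail, instead of being granted on the scaling plan. Since this commit already edits the resource, I would change the existing reference to the scaling plan type, for example `resource scalingPlan 'Microsoft.DesktopVirtualization/scalingPlans@2021-09-03-preview' existing` (the version the module readme lists), and use `scalingPlan.id` and `scope: scalingPlan`. The resource body continues past the hunk, so the scope part is inferred.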
diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep index 9510f24f3e..0f2b4daee0 100644 --- a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep @@ -58,7 +58,7 @@ resource workspace 'Microsoft.DesktopVirtualization/workspaces@2021-07-12' exist name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(workspace.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md index 39ef85d05b..edb9937b6b 100644 --- a/modules/Microsoft.DesktopVirtualization/workspaces/readme.md +++ b/modules/Microsoft.DesktopVirtualization/workspaces/readme.md 
@@ -14,7 +14,7 @@ This module deploys an Azure virtual desktop workspace. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DesktopVirtualization/workspaces` | [2021-07-12](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DesktopVirtualization/2021-07-12/workspaces) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep index e74ad7fc69..e727a63d76 100644 --- a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep @@ -57,7 +57,7 @@ resource databaseAccount 'Microsoft.DocumentDB/databaseAccounts@2021-06-15' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(databaseAccount.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md index f9efa8aa88..aa1c956b4c 100644 
--- a/modules/Microsoft.DocumentDB/databaseAccounts/readme.md +++ b/modules/Microsoft.DocumentDB/databaseAccounts/readme.md @@ -14,7 +14,7 @@ This module deploys a DocumentDB database account and its child resources. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.DocumentDB/databaseAccounts` | [2022-02-15-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2022-02-15-preview/databaseAccounts) | | `Microsoft.DocumentDB/databaseAccounts/gremlinDatabases` | [2022-02-15-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2022-02-15-preview/databaseAccounts/gremlinDatabases) | | `Microsoft.DocumentDB/databaseAccounts/gremlinDatabases/graphs` | [2022-02-15-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.DocumentDB/2022-02-15-preview/databaseAccounts/gremlinDatabases/graphs) | diff --git a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep index a4b3259973..d24bd83baa 100644 --- a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource systemTopic 'Microsoft.EventGrid/systemTopics@2021-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(systemTopic.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.EventGrid/systemTopics/readme.md b/modules/Microsoft.EventGrid/systemTopics/readme.md index 2d481acd78..dfc47d682e 100644 --- a/modules/Microsoft.EventGrid/systemTopics/readme.md +++ b/modules/Microsoft.EventGrid/systemTopics/readme.md @@ -14,7 +14,7 @@ This module deploys an Event Grid System Topic. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.EventGrid/systemTopics` | [2021-12-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2021-12-01/systemTopics) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | diff --git a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep index 13906d0d8f..f3b1b157eb 100644 --- a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep 
+++ b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource eventGrid 'Microsoft.EventGrid/topics@2020-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(eventGrid.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.EventGrid/topics/readme.md b/modules/Microsoft.EventGrid/topics/readme.md index 84b3ac3f96..01c8e26a32 100644 --- a/modules/Microsoft.EventGrid/topics/readme.md +++ b/modules/Microsoft.EventGrid/topics/readme.md @@ -14,7 +14,7 @@ This module deploys an event grid topic. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.EventGrid/topics` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventGrid/2020-06-01/topics) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | 
diff --git a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep index 8f8ca4b8ef..ccc1aacfb9 100644 --- a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep @@ -58,7 +58,7 @@ resource eventHubNamespace 'Microsoft.EventHub/namespaces@2021-11-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(eventHubNamespace.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep index 608c416af4..b099cc63a4 100644 --- a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep @@ -56,7 +56,7 @@ resource eventHub 'Microsoft.EventHub/namespaces/eventhubs@2021-11-01' existing name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(split(resourceId, '/')[0], split(resourceId, '/')[1], principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/readme.md b/modules/Microsoft.EventHub/namespaces/eventhubs/readme.md index 352c4d5061..2de6e919e7 100644 
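Review bot: In `namespaces/eventhubs/.bicep/nested_roleAssignments.bicep` the assignment name is seeded with `split(resourceId, '/')[0]` and `[1]`, which for a resource ID starting with `/subscriptions/...` are the empty string and the literal `subscriptions`. The GUID therefore depends only on principal and role, so the same principal and role on two event hubs produce the same assignment name. The other modules in this patch seed it with the resource ID, and the same would fit here: `name: guid(eventHub.id, principalId, roleDefinitionIdOrName)`. The `existing` reference just above also ends in a stray brace (`[10]}}'`), which appends `}` to the event hub name, so it should read `name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'`. The resource body continues outside the hunk.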
--- a/modules/Microsoft.EventHub/namespaces/eventhubs/readme.md +++ b/modules/Microsoft.EventHub/namespaces/eventhubs/readme.md @@ -13,7 +13,7 @@ This module deploys an Event Hub. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.EventHub/namespaces/eventhubs` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/eventhubs) | | `Microsoft.EventHub/namespaces/eventhubs/authorizationRules` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/eventhubs/authorizationRules) | | `Microsoft.EventHub/namespaces/eventhubs/consumergroups` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/eventhubs/consumergroups) | diff --git a/modules/Microsoft.EventHub/namespaces/readme.md b/modules/Microsoft.EventHub/namespaces/readme.md index c6d224215b..b4447f8303 100644 --- a/modules/Microsoft.EventHub/namespaces/readme.md +++ b/modules/Microsoft.EventHub/namespaces/readme.md 
@@ -14,7 +14,7 @@ This module deploys an event hub namespace. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.EventHub/namespaces` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces) | | `Microsoft.EventHub/namespaces/authorizationRules` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/authorizationRules) | | `Microsoft.EventHub/namespaces/disasterRecoveryConfigs` | [2021-11-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.EventHub/2021-11-01/namespaces/disasterRecoveryConfigs) | diff --git a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep index 94450de286..29b9a1c766 100644 --- a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep @@ -53,7 +53,7 @@ resource healthBot 'Microsoft.HealthBot/healthBots@2021-06-10' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(healthBot.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.HealthBot/healthBots/readme.md b/modules/Microsoft.HealthBot/healthBots/readme.md index 99d4bef4b6..5b460f7033 100644 --- a/modules/Microsoft.HealthBot/healthBots/readme.md +++ b/modules/Microsoft.HealthBot/healthBots/readme.md @@ -14,7 +14,7 @@ This module deploys an Azure Health Bot. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.HealthBot/healthBots` | [2020-12-08](https://docs.microsoft.com/en-us/azure/templates/Microsoft.HealthBot/2020-12-08/healthBots) | ## Parameters diff --git a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep index 19a571c7d1..013c118539 100644 --- a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep @@ -54,7 +54,7 @@ resource actionGroup 'microsoft.insights/actionGroups@2019-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(actionGroup.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.Insights/actionGroups/readme.md b/modules/Microsoft.Insights/actionGroups/readme.md index 9cc782cb56..73954eec5c 100644 --- a/modules/Microsoft.Insights/actionGroups/readme.md +++ b/modules/Microsoft.Insights/actionGroups/readme.md @@ -13,7 +13,7 @@ This module deploys an Action Group. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `microsoft.insights/actionGroups` | [2019-06-01](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-06-01/actionGroups) | ## Parameters diff --git a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep index a3e6299f33..d0e730fc1a 100644 --- a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep @@ -54,7 +54,7 @@ resource activityLogAlert 'Microsoft.Insights/activityLogAlerts@2020-10-01' exis name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(activityLogAlert.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Insights/activityLogAlerts/readme.md b/modules/Microsoft.Insights/activityLogAlerts/readme.md index 4436b6b03a..05eac8bd11 100644 --- a/modules/Microsoft.Insights/activityLogAlerts/readme.md 
+++ b/modules/Microsoft.Insights/activityLogAlerts/readme.md @@ -13,7 +13,7 @@ This module deploys an Alert based on Activity Log. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/activityLogAlerts` | [2020-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-10-01/activityLogAlerts) | ## Parameters diff --git a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep index 0d03afeef5..ee18f0b34b 100644 --- a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep @@ -57,7 +57,7 @@ resource appInsights 'Microsoft.Insights/components@2020-02-02' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(appInsights.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Insights/components/readme.md b/modules/Microsoft.Insights/components/readme.md index ab7eafb6be..f0875467b9 100644 --- a/modules/Microsoft.Insights/components/readme.md +++ b/modules/Microsoft.Insights/components/readme.md 
@@ -11,7 +11,7 @@ | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/components` | [2020-02-02](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2020-02-02/components) | ## Parameters diff --git a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep index ea9e25489a..329678bf38 100644 --- a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep @@ -57,7 +57,7 @@ resource metricAlert 'Microsoft.Insights/metricAlerts@2018-03-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(metricAlert.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Insights/metricAlerts/readme.md b/modules/Microsoft.Insights/metricAlerts/readme.md index 01c1a594a2..ba6464c6ec 100644 --- a/modules/Microsoft.Insights/metricAlerts/readme.md +++ b/modules/Microsoft.Insights/metricAlerts/readme.md 
@@ -13,7 +13,7 @@ This module deploys an alert based on metrics. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/metricAlerts` | [2018-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2018-03-01/metricAlerts) | ## Parameters diff --git a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep index d15e834753..78d1fe4e03 100644 --- a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep @@ -53,7 +53,7 @@ resource privateLinkScope 'Microsoft.Insights/privateLinkScopes@2019-10-17-previ name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(privateLinkScope.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Insights/privateLinkScopes/readme.md b/modules/Microsoft.Insights/privateLinkScopes/readme.md index d1498c012b..fdba42262b 100644 --- a/modules/Microsoft.Insights/privateLinkScopes/readme.md +++ b/modules/Microsoft.Insights/privateLinkScopes/readme.md 
@@ -14,7 +14,7 @@ This module deploys an Azure Monitor Private Link Scope. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `microsoft.insights/privateLinkScopes` | [2019-10-17-preview](https://docs.microsoft.com/en-us/azure/templates/microsoft.insights/2019-10-17-preview/privateLinkScopes) | | `Microsoft.Insights/privateLinkScopes/scopedResources` | [2021-07-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-07-01-preview/privateLinkScopes/scopedResources) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | diff --git a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep index ed739102d3..77b0c6e538 100644 --- a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource queryAlert 'microsoft.insights/scheduledQueryRules@2018-04-16' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(queryAlert.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Insights/scheduledQueryRules/readme.md b/modules/Microsoft.Insights/scheduledQueryRules/readme.md index 73e477eea2..136424c954 100644 --- a/modules/Microsoft.Insights/scheduledQueryRules/readme.md +++ b/modules/Microsoft.Insights/scheduledQueryRules/readme.md @@ -13,7 +13,7 @@ This module deploys a scheduled query rule. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/scheduledQueryRules` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-02-01-preview/scheduledQueryRules) | ## Parameters diff --git a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep index 6c5662bcc6..19842f70d5 100644 --- a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep 
@@ -62,7 +62,7 @@ resource keyVault 'Microsoft.KeyVault/vaults@2019-09-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(keyVault.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep index 1b36d2e935..2ffb7a276e 100644 --- a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep @@ -61,7 +61,7 @@ resource key 'Microsoft.KeyVault/vaults/keys@2021-06-01-preview' existing = { name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(key.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.KeyVault/vaults/keys/readme.md b/modules/Microsoft.KeyVault/vaults/keys/readme.md index 8c01e66063..7c6ba6742c 100644 --- a/modules/Microsoft.KeyVault/vaults/keys/readme.md +++ b/modules/Microsoft.KeyVault/vaults/keys/readme.md 
@@ -12,7 +12,7 @@ This module deploys a key vault key. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.KeyVault/vaults/keys` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/keys) | ## Parameters diff --git a/modules/Microsoft.KeyVault/vaults/readme.md b/modules/Microsoft.KeyVault/vaults/readme.md index c87bdf0dbb..d206bdd2a7 100644 --- a/modules/Microsoft.KeyVault/vaults/readme.md +++ b/modules/Microsoft.KeyVault/vaults/readme.md @@ -14,7 +14,7 @@ This module deploys a key vault and its child resources. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.KeyVault/vaults` | [2021-11-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-11-01-preview/vaults) | | `Microsoft.KeyVault/vaults/accessPolicies` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) | 
diff --git a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep index 8ba33bbc54..21f6896a2a 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep @@ -60,7 +60,7 @@ resource secret 'Microsoft.KeyVault/vaults/secrets@2021-06-01-preview' existing name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(secret.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.KeyVault/vaults/secrets/readme.md b/modules/Microsoft.KeyVault/vaults/secrets/readme.md index 820cb78109..c75da32316 100644 --- a/modules/Microsoft.KeyVault/vaults/secrets/readme.md +++ b/modules/Microsoft.KeyVault/vaults/secrets/readme.md @@ -12,7 +12,7 @@ This module deploys a key vault secret. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.KeyVault/vaults/secrets` | [2019-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2019-09-01/vaults/secrets) | ## Parameters diff --git a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep index e10f981ace..5d2447c68b 100644 
--- a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep @@ -56,7 +56,7 @@ resource logicApp 'Microsoft.Logic/workflows@2019-05-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(logicApp.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Logic/workflows/readme.md b/modules/Microsoft.Logic/workflows/readme.md index d343514cd4..0aaf8d8fda 100644 --- a/modules/Microsoft.Logic/workflows/readme.md +++ b/modules/Microsoft.Logic/workflows/readme.md @@ -14,7 +14,7 @@ This module deploys a Logic App resource. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Logic/workflows` | [2019-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Logic/2019-05-01/workflows) | diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep index 0358938d9d..64d098f42c 100644 
--- a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep @@ -54,7 +54,7 @@ resource workspace 'Microsoft.MachineLearningServices/workspaces@2021-04-01' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(workspace.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.MachineLearningServices/workspaces/readme.md b/modules/Microsoft.MachineLearningServices/workspaces/readme.md index 9da0b80efb..7f0533ec07 100644 --- a/modules/Microsoft.MachineLearningServices/workspaces/readme.md +++ b/modules/Microsoft.MachineLearningServices/workspaces/readme.md 
@@ -14,7 +14,7 @@ This module deploys a Machine Learning Services Workspace. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.MachineLearningServices/workspaces` | [2021-07-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2021-07-01/workspaces) | | `Microsoft.MachineLearningServices/workspaces/computes` | [2022-01-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.MachineLearningServices/2022-01-01-preview/workspaces/computes) | diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep index da5d83e322..694fc671b5 100644 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource userMsi 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(userMsi.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md index 4a9efd95ff..6e7f8800b8 100644 --- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md +++ b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/readme.md @@ -14,7 +14,7 @@ This module deploys a user assigned identity. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ManagedIdentity/userAssignedIdentities` | [2018-11-30](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ManagedIdentity/2018-11-30/userAssignedIdentities) | ## Parameters diff --git a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep index df6f4c99d5..102a146d4f 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep 
@@ -53,7 +53,7 @@ resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2022-01-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(netAppAccount.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep index aa7e9ebe26..483ff7f0dc 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep @@ -53,7 +53,7 @@ resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2021-04-01' name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(capacityPool.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md index 5786bcc9fb..e22c6c30fb 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/readme.md 
@@ -12,7 +12,7 @@ This template deploys capacity pools in an Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.NetApp/netAppAccounts/capacityPools` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) | diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep index e11c3268cd..8e073df922 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep @@ -53,7 +53,7 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2021-04-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(volume.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md index b3dc491f74..19df6d0429 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md +++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/readme.md @@ -12,7 +12,7 @@ This template deploys volumes in a capacity pool of an Azure NetApp files. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) | ## Parameters diff --git a/modules/Microsoft.NetApp/netAppAccounts/readme.md b/modules/Microsoft.NetApp/netAppAccounts/readme.md index b90e4bdac7..28015efa21 100644 --- a/modules/Microsoft.NetApp/netAppAccounts/readme.md +++ b/modules/Microsoft.NetApp/netAppAccounts/readme.md 
@@ -14,7 +14,7 @@ This template deploys Azure NetApp Files. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.NetApp/netAppAccounts` | [2022-01-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2022-01-01/netAppAccounts) | | `Microsoft.NetApp/netAppAccounts/capacityPools` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools) | | `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2021-06-01/netAppAccounts/capacityPools/volumes) | diff --git a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep index 6f39e4d4c3..ff6672a09e 100644 --- a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep @@ -61,7 +61,7 @@ resource applicationGateway 'Microsoft.Network/applicationGateways@2021-08-01' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(applicationGateway.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.Network/applicationGateways/readme.md b/modules/Microsoft.Network/applicationGateways/readme.md index 3b9d9936df..0103cb06a5 100644 --- a/modules/Microsoft.Network/applicationGateways/readme.md +++ b/modules/Microsoft.Network/applicationGateways/readme.md @@ -14,7 +14,7 @@ This module deploys Network ApplicationGateways. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/applicationGateways` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/applicationGateways) | diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep index 4a64db3276..be0fc36bd3 100644 --- a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep 
@@ -60,7 +60,7 @@ resource applicationSecurityGroup 'Microsoft.Network/applicationSecurityGroups@2 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(applicationSecurityGroup.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/applicationSecurityGroups/readme.md b/modules/Microsoft.Network/applicationSecurityGroups/readme.md index 17856a4da1..83cd259194 100644 --- a/modules/Microsoft.Network/applicationSecurityGroups/readme.md +++ b/modules/Microsoft.Network/applicationSecurityGroups/readme.md @@ -14,7 +14,7 @@ This module deploys an application security group. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/applicationSecurityGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/applicationSecurityGroups) | ## Parameters diff --git a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep index adb273b82c..a203beebf7 100644 --- a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep 
@@ -60,7 +60,7 @@ resource azureFirewall 'Microsoft.Network/azureFirewalls@2021-08-01' existing = name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(azureFirewall.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/azureFirewalls/readme.md b/modules/Microsoft.Network/azureFirewalls/readme.md index e72b20d069..495338b367 100644 --- a/modules/Microsoft.Network/azureFirewalls/readme.md +++ b/modules/Microsoft.Network/azureFirewalls/readme.md @@ -15,7 +15,7 @@ This module deploys a firewall. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/azureFirewalls` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/azureFirewalls) | | `Microsoft.Network/publicIPAddresses` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/publicIPAddresses) | 
diff --git a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep index 9f5513b032..e7db6b185b 100644 --- a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep @@ -60,7 +60,7 @@ resource azureBastion 'Microsoft.Network/bastionHosts@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(azureBastion.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/bastionHosts/readme.md b/modules/Microsoft.Network/bastionHosts/readme.md index a12722dc01..43e7b95c9c 100644 --- a/modules/Microsoft.Network/bastionHosts/readme.md +++ b/modules/Microsoft.Network/bastionHosts/readme.md 
@@ -14,7 +14,7 @@ This module deploys a bastion host. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/bastionHosts` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/bastionHosts) | | `Microsoft.Network/publicIPAddresses` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/publicIPAddresses) | diff --git a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep index 75f3a4e2f1..aff656be52 100644 --- a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource ddosProtectionPlan 'Microsoft.Network/ddosProtectionPlans@2021-08-01' e name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(ddosProtectionPlan.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.Network/ddosProtectionPlans/readme.md b/modules/Microsoft.Network/ddosProtectionPlans/readme.md index 838193293b..75b550d5fe 100644 --- a/modules/Microsoft.Network/ddosProtectionPlans/readme.md +++ b/modules/Microsoft.Network/ddosProtectionPlans/readme.md @@ -14,7 +14,7 @@ This template deploys a DDoS protection plan. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/ddosProtectionPlans` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/ddosProtectionPlans) | ## Parameters diff --git a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep index f63bf9cb6c..2e4edcf2f9 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource expressRouteCircuits 'Microsoft.Network/expressRouteCircuits@2021-08-01 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(expressRouteCircuits.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.Network/expressRouteCircuits/readme.md b/modules/Microsoft.Network/expressRouteCircuits/readme.md index 05db8e8359..f7c0a6408b 100644 --- a/modules/Microsoft.Network/expressRouteCircuits/readme.md +++ b/modules/Microsoft.Network/expressRouteCircuits/readme.md @@ -14,7 +14,7 @@ This template deploys an express route circuit. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/expressRouteCircuits` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/expressRouteCircuits) | diff --git a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep index 0f16440ece..21a41aed1c 100644 --- a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep 
@@ -56,7 +56,7 @@ resource frontDoor 'Microsoft.Network/frontDoors@2020-05-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(frontDoor.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/frontDoors/readme.md b/modules/Microsoft.Network/frontDoors/readme.md index 420c7a08c9..9d5df2209d 100644 --- a/modules/Microsoft.Network/frontDoors/readme.md +++ b/modules/Microsoft.Network/frontDoors/readme.md @@ -15,7 +15,7 @@ This module deploys Front Doors. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/frontDoors` | [2020-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-05-01/frontDoors) | diff --git a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep index 9dbde36d57..16185b0609 100644 --- a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource ipGroup 'Microsoft.Network/ipGroups@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(ipGroup.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/ipGroups/readme.md b/modules/Microsoft.Network/ipGroups/readme.md index e3a9719f97..2a6f6bd776 100644 --- a/modules/Microsoft.Network/ipGroups/readme.md +++ b/modules/Microsoft.Network/ipGroups/readme.md @@ -14,7 +14,7 @@ This module deploys an IP group. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/ipGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/ipGroups) | ## Parameters diff --git a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep index 57915c648d..9bf6c48a12 100644 --- a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep 
@@ -59,7 +59,7 @@ resource loadBalancer 'Microsoft.Network/loadBalancers@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(loadBalancer.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/loadBalancers/readme.md b/modules/Microsoft.Network/loadBalancers/readme.md index bb7d15ca9d..b39c0a7bfe 100644 --- a/modules/Microsoft.Network/loadBalancers/readme.md +++ b/modules/Microsoft.Network/loadBalancers/readme.md @@ -14,7 +14,7 @@ This module deploys a load balancer. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/loadBalancers` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/loadBalancers) | | `Microsoft.Network/loadBalancers/backendAddressPools` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/loadBalancers/backendAddressPools) | 
diff --git a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep index 0ff4914be5..20131a9936 100644 --- a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource localNetworkGateway 'Microsoft.Network/localNetworkGateways@2021-08-01' name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(localNetworkGateway.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/localNetworkGateways/readme.md b/modules/Microsoft.Network/localNetworkGateways/readme.md index 10a7438cc7..31a81eb524 100644 --- a/modules/Microsoft.Network/localNetworkGateways/readme.md +++ b/modules/Microsoft.Network/localNetworkGateways/readme.md @@ -14,7 +14,7 @@ This module deploys a local network gateway. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/localNetworkGateways` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/localNetworkGateways) | ## Parameters 
diff --git a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep index a7855933bd..bb246d25b0 100644 --- a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource natGateway 'Microsoft.Network/natGateways@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(natGateway.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/natGateways/readme.md b/modules/Microsoft.Network/natGateways/readme.md index 00a0115369..696c11ed85 100644 --- a/modules/Microsoft.Network/natGateways/readme.md +++ b/modules/Microsoft.Network/natGateways/readme.md 
@@ -14,7 +14,7 @@ This module deploys a NAT gateway. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/natGateways` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/natGateways) | | `Microsoft.Network/publicIPAddresses` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/publicIPAddresses) | diff --git a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep index d477262fe5..9e8d4ebb17 100644 --- a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep @@ -63,7 +63,7 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-08-01' exist name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(networkInterface.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.Network/networkInterfaces/readme.md b/modules/Microsoft.Network/networkInterfaces/readme.md index 4918ec1ffb..66187897f0 100644 --- a/modules/Microsoft.Network/networkInterfaces/readme.md +++ b/modules/Microsoft.Network/networkInterfaces/readme.md @@ -14,7 +14,7 @@ This module deploys Network Interfaces. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/networkInterfaces` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/networkInterfaces) | diff --git a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep index 3fe623fc71..3c0eba8076 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep 
@@ -58,7 +58,7 @@ resource networkSecurityGroup 'Microsoft.Network/networkSecurityGroups@2021-08-0 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(networkSecurityGroup.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/networkSecurityGroups/readme.md b/modules/Microsoft.Network/networkSecurityGroups/readme.md index c28f2011da..ad06b0a372 100644 --- a/modules/Microsoft.Network/networkSecurityGroups/readme.md +++ b/modules/Microsoft.Network/networkSecurityGroups/readme.md @@ -14,7 +14,7 @@ This template deploys a network security group (NSG) with optional security rule | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/networkSecurityGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/networkSecurityGroups) | | `Microsoft.Network/networkSecurityGroups/securityRules` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/networkSecurityGroups/securityRules) | 
diff --git a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep index 8187cb9f01..f88307da7a 100644 --- a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource networkWatcher 'Microsoft.Network/networkWatchers@2021-08-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(networkWatcher.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/networkWatchers/readme.md b/modules/Microsoft.Network/networkWatchers/readme.md index 02134db081..b32ee3d924 100644 --- a/modules/Microsoft.Network/networkWatchers/readme.md +++ b/modules/Microsoft.Network/networkWatchers/readme.md 
@@ -14,7 +14,7 @@ This template deploys a network watcher.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/networkWatchers` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/networkWatchers) |
 | `Microsoft.Network/networkWatchers/connectionMonitors` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/networkWatchers/connectionMonitors) |
 | `Microsoft.Network/networkWatchers/flowLogs` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/networkWatchers/flowLogs) |
diff --git a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep
index b7b880d931..4486acb11e 100644
--- a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource privateDnsZone 'Microsoft.Network/privateDnsZones@2018-09-01' existing
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(privateDnsZone.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep
index b04636f694..e5b8ee6a05 100644
--- a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource A 'Microsoft.Network/privateDnsZones/A@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(A.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/A/readme.md b/modules/Microsoft.Network/privateDnsZones/A/readme.md
index 3f9cc9edd5..0eb17e2719 100644
--- a/modules/Microsoft.Network/privateDnsZones/A/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/A/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone A record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/A` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/A) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep
index 9dd3b41994..5b82b07b65 100644
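Review bot: The role assignment name in the privateDnsZones/A hunk is seeded with `A.name` (`guid(A.name, principalId, roleDefinitionIdOrName)`), which per the `existing` declaration just above is only `<zone>/<record>` and carries no subscription or resource group, while the sibling modules in this patch (privateDnsZone, subnet) seed the GUID with `.id`. Two records with the same zone and record name in different resource groups would therefore derive the same assignment name for the same principal and role, which as far as I know conflicts with the expectation that role assignment names are unique and can make the second deployment fail. While this line's neighbour is being touched I would change it to `name: guid(A.id, principalId, roleDefinitionIdOrName)`; the same applies to the AAAA, CNAME, MX, PTR, SOA, SRV and TXT hunks. Changing the seed changes the GUID of assignments that are already deployed, so it should be checked against existing environments first. The roleAssignment resource body continues past the hunk, so the remaining properties are not visible here.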
--- a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource AAAA 'Microsoft.Network/privateDnsZones/AAAA@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(AAAA.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md b/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md
index 421d37449c..a557636125 100644
--- a/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/AAAA/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone AAAA record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/AAAA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/AAAA) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep
index fdbbc21f61..959956ad8a 100644
--- a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource CNAME 'Microsoft.Network/privateDnsZones/CNAME@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(CNAME.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md b/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md
index a8ebeab9ee..b09fc2ea2a 100644
--- a/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/CNAME/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone CNAME record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/CNAME` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/CNAME) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep
index 0a079d37e4..5e25039889 100644
--- a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource MX 'Microsoft.Network/privateDnsZones/MX@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(MX.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/MX/readme.md b/modules/Microsoft.Network/privateDnsZones/MX/readme.md
index 33531c7dc9..c73641e2a9 100644
--- a/modules/Microsoft.Network/privateDnsZones/MX/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/MX/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone MX record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/MX` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/MX) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep
index 285cbd7cfa..57b53d6566 100644
--- a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource PTR 'Microsoft.Network/privateDnsZones/PTR@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(PTR.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/readme.md b/modules/Microsoft.Network/privateDnsZones/PTR/readme.md
index 3d35efa92f..66d4f2ce7b 100644
--- a/modules/Microsoft.Network/privateDnsZones/PTR/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/PTR/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone PTR record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/PTR` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/PTR) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep
index 4272916595..3f12595492 100644
--- a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource SOA 'Microsoft.Network/privateDnsZones/SOA@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(SOA.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/readme.md b/modules/Microsoft.Network/privateDnsZones/SOA/readme.md
index 4e47bfd89e..f696c39a1d 100644
--- a/modules/Microsoft.Network/privateDnsZones/SOA/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/SOA/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone SOA record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/SOA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SOA) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep
index 2f4af9aeff..c37b1b44a1 100644
--- a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource SRV 'Microsoft.Network/privateDnsZones/SRV@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(SRV.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/readme.md b/modules/Microsoft.Network/privateDnsZones/SRV/readme.md
index 666950156e..e95323a8e4 100644
--- a/modules/Microsoft.Network/privateDnsZones/SRV/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/SRV/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone TXT record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/SRV` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/SRV) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep
index 22f692aecd..beb45ca0a1 100644
--- a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource TXT 'Microsoft.Network/privateDnsZones/TXT@2018-09-01' existing = {
 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(TXT.name, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/readme.md b/modules/Microsoft.Network/privateDnsZones/TXT/readme.md
index c52714202b..1068f4fa4d 100644
--- a/modules/Microsoft.Network/privateDnsZones/TXT/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/TXT/readme.md
@@ -12,7 +12,7 @@ This module deploys a Private DNS Zone TXT record.
 | Resource Type | API Version |
 | :-- | :-- |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones/TXT` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/TXT) |
 ## Parameters
diff --git a/modules/Microsoft.Network/privateDnsZones/readme.md b/modules/Microsoft.Network/privateDnsZones/readme.md
index 0c3f0a5268..b572aa83cc 100644
--- a/modules/Microsoft.Network/privateDnsZones/readme.md
+++ b/modules/Microsoft.Network/privateDnsZones/readme.md
@@ -14,7 +14,7 @@ This template deploys a private DNS zone.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateDnsZones` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones) |
 | `Microsoft.Network/privateDnsZones/A` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/A) |
 | `Microsoft.Network/privateDnsZones/AAAA` | [2020-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2020-06-01/privateDnsZones/AAAA) |
diff --git a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep
index eb1972b296..5dca736add 100644
--- a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep
@@ -55,7 +55,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-08-01' existin
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(privateEndpoint.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/privateEndpoints/readme.md b/modules/Microsoft.Network/privateEndpoints/readme.md
index c335ebe311..e935b6b2ec 100644
--- a/modules/Microsoft.Network/privateEndpoints/readme.md
+++ b/modules/Microsoft.Network/privateEndpoints/readme.md
@@ -14,7 +14,7 @@ This template deploys a private endpoint for a generic service.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) |
 | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) |
diff --git a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep
index b56c582b02..2f93950631 100644
--- a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep
@@ -59,7 +59,7 @@ resource publicIpAddress 'Microsoft.Network/publicIPAddresses@2021-08-01' existi
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(publicIpAddress.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/publicIPAddresses/readme.md b/modules/Microsoft.Network/publicIPAddresses/readme.md
index a051415a3a..334af518f3 100644
--- a/modules/Microsoft.Network/publicIPAddresses/readme.md
+++ b/modules/Microsoft.Network/publicIPAddresses/readme.md
@@ -12,7 +12,7 @@
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/publicIPAddresses` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/publicIPAddresses) |
diff --git a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep
index d92b4471dc..34fc52f5ce 100644
--- a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep
@@ -55,7 +55,7 @@ resource publicIpPrefix 'Microsoft.Network/publicIPPrefixes@2021-08-01' existing
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(publicIpPrefix.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/publicIPPrefixes/readme.md b/modules/Microsoft.Network/publicIPPrefixes/readme.md
index ee843bc248..32f4b45f6b 100644
--- a/modules/Microsoft.Network/publicIPPrefixes/readme.md
+++ b/modules/Microsoft.Network/publicIPPrefixes/readme.md
@@ -14,7 +14,7 @@ This template deploys a public IP prefix.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/publicIPPrefixes` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/publicIPPrefixes) |
 ## Parameters
diff --git a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep
index 32190a5465..892d60f659 100644
--- a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource routeTable 'Microsoft.Network/routeTables@2021-08-01' existing = {
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(routeTable.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/routeTables/readme.md b/modules/Microsoft.Network/routeTables/readme.md
index f84a7e0e0c..5858932730 100644
--- a/modules/Microsoft.Network/routeTables/readme.md
+++ b/modules/Microsoft.Network/routeTables/readme.md
@@ -14,7 +14,7 @@ This module deploys a user defined route table.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Network/routeTables` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/routeTables) |
 ## Parameters
diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep
index 0863d2448b..0132367d3a 100644
--- a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep
@@ -56,7 +56,7 @@ resource trafficmanagerprofile 'Microsoft.Network/trafficmanagerprofiles@2018-08
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(trafficmanagerprofile.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/readme.md b/modules/Microsoft.Network/trafficmanagerprofiles/readme.md
index 96d02b54f6..879969e058 100644
--- a/modules/Microsoft.Network/trafficmanagerprofiles/readme.md
+++ b/modules/Microsoft.Network/trafficmanagerprofiles/readme.md
@@ -14,7 +14,7 @@ This module deploys a traffic manager profile.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/trafficmanagerprofiles` | [2018-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2018-08-01/trafficmanagerprofiles) |
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep
index 2c2d5db1d2..399fa2318a 100644
--- a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep
@@ -55,7 +55,7 @@ resource virtualNetworkGateway 'Microsoft.Network/virtualNetworkGateways@2021-08
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(virtualNetworkGateway.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/readme.md b/modules/Microsoft.Network/virtualNetworkGateways/readme.md
index 2a27576eba..c956bef0a7 100644
--- a/modules/Microsoft.Network/virtualNetworkGateways/readme.md
+++ b/modules/Microsoft.Network/virtualNetworkGateways/readme.md
@@ -14,7 +14,7 @@ This module deploys a virtual network gateway.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/publicIPAddresses` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/publicIPAddresses) |
 | `Microsoft.Network/virtualNetworkGateways` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/virtualNetworkGateways) |
diff --git a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
index 0fbd44b4ad..4024ecae5d 100644
--- a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-08-01' existing
 name: last(split(resourceId, '/'))
 }
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {
 name: guid(virtualNetwork.id, principalId, roleDefinitionIdOrName)
 properties: {
 description: description
diff --git a/modules/Microsoft.Network/virtualNetworks/readme.md b/modules/Microsoft.Network/virtualNetworks/readme.md
index 6efb4a96de..7236bcfbc5 100644
--- a/modules/Microsoft.Network/virtualNetworks/readme.md
+++ b/modules/Microsoft.Network/virtualNetworks/readme.md
@@ -15,7 +15,7 @@ This template deploys a virtual network (vNet).
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) |
-| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) |
+| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
 | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) |
 | `Microsoft.Network/virtualNetworks` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/virtualNetworks) |
 | `Microsoft.Network/virtualNetworks/subnets` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/virtualNetworks/subnets) |
diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
index c527f13b9e..a249baf951 100644
--- a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' existing name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(subnet.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/readme.md b/modules/Microsoft.Network/virtualNetworks/subnets/readme.md index eb08e35a0d..5037cf2559 100644 --- a/modules/Microsoft.Network/virtualNetworks/subnets/readme.md +++ b/modules/Microsoft.Network/virtualNetworks/subnets/readme.md @@ -13,7 +13,7 @@ This module deploys a virtual network subnet. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/virtualNetworks/subnets` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/virtualNetworks/subnets) | ## Parameters diff --git a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep index fe41c7b914..161ef56a4b 100644 --- a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource virtualWan 'Microsoft.Network/virtualWans@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(virtualWan.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Network/virtualWans/readme.md b/modules/Microsoft.Network/virtualWans/readme.md index 8ee77ba6f0..78e79fd6af 100644 --- a/modules/Microsoft.Network/virtualWans/readme.md +++ b/modules/Microsoft.Network/virtualWans/readme.md @@ -14,7 +14,7 @@ This template deploys a virtual WAN. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/virtualWans` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/virtualWans) | ## Parameters diff --git a/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep index 0370fa4ae0..82a3ef79e0 100644 --- a/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Network/vpnSites/.bicep/nested_roleAssignments.bicep 
@@ -26,7 +26,7 @@ resource vpnSite 'Microsoft.Network/vpnSites@2021-08-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(vpnSite.id, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/modules/Microsoft.Network/vpnSites/readme.md b/modules/Microsoft.Network/vpnSites/readme.md index 3cfe6db86c..516c82cd47 100644 --- a/modules/Microsoft.Network/vpnSites/readme.md +++ b/modules/Microsoft.Network/vpnSites/readme.md @@ -14,7 +14,7 @@ This module deploys a VPN Site. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/vpnSites` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/vpnSites) | ## Parameters diff --git a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep index 325c6fa8dc..fbd9866d84 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep 
@@ -60,7 +60,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(logAnalyticsWorkspace.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.OperationalInsights/workspaces/readme.md b/modules/Microsoft.OperationalInsights/workspaces/readme.md index adcab6e738..f9f1eded0b 100644 --- a/modules/Microsoft.OperationalInsights/workspaces/readme.md +++ b/modules/Microsoft.OperationalInsights/workspaces/readme.md @@ -14,7 +14,7 @@ This template deploys a log analytics workspace. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.OperationalInsights/workspaces` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2021-06-01/workspaces) | | `Microsoft.OperationalInsights/workspaces/dataSources` | [2020-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/dataSources) | 
diff --git a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep index a4edf440b5..3a50ca92f5 100644 --- a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep @@ -60,7 +60,7 @@ resource rsv 'Microsoft.RecoveryServices/vaults@2021-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(rsv.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.RecoveryServices/vaults/readme.md b/modules/Microsoft.RecoveryServices/vaults/readme.md index f508a06208..935efe31a8 100644 --- a/modules/Microsoft.RecoveryServices/vaults/readme.md +++ b/modules/Microsoft.RecoveryServices/vaults/readme.md 
@@ -14,7 +14,7 @@ This module deploys a recovery service vault. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | diff --git a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep index 8a1d612fc4..d598bcbc46 100644 --- a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep 
@@ -209,7 +209,7 @@ var builtInRoleNames = { 'Workbook Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b279062a-9be3-42a0-92ae-8b3cf002ec4d') } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(last(split(resourceId, '/')), principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Resources/resourceGroups/readme.md b/modules/Microsoft.Resources/resourceGroups/readme.md index e375f12ed8..e8f262b8ec 100644 --- a/modules/Microsoft.Resources/resourceGroups/readme.md +++ b/modules/Microsoft.Resources/resourceGroups/readme.md @@ -15,7 +15,7 @@ This module deploys a resource group. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Resources/resourceGroups` | [2019-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Resources/2019-05-01/resourceGroups) | ## Parameters diff --git a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep index 5852e0a802..429e738b17 100644 --- a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep 
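Review bot: The role assignment name in the resourceGroups hunk is seeded with `last(split(resourceId, '/'))`, which is presumably just the resource group's name. The other modules in this series seed `guid()` with the target's full `.id`. Two resource groups with the same name in different subscriptions would therefore yield the same GUID for a given principal and role, and Azure's guidance is that role assignment names be unique across the tenant, so this may collide. Consider `name: guid(resourceId, principalId, roleDefinitionIdOrName)`, bearing in mind that changing the seed renames the assignment and a redeploy may then conflict with the one already present. The resource body continues outside the hunk.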
@@ -56,7 +56,7 @@ resource namespace 'Microsoft.ServiceBus/namespaces@2021-11-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(namespace.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep index 883164970b..fc08847f97 100644 --- a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep @@ -56,7 +56,7 @@ resource queue 'Microsoft.ServiceBus/namespaces/queues@2021-06-01-preview' exist name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssigment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(queue.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/readme.md b/modules/Microsoft.ServiceBus/namespaces/queues/readme.md index 3fcfd78fa6..2944af039a 100644 --- a/modules/Microsoft.ServiceBus/namespaces/queues/readme.md +++ b/modules/Microsoft.ServiceBus/namespaces/queues/readme.md 
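Review bot: The symbolic name on the changed line of the ServiceBus queues module is spelled `roleAssigment`, while the other modules touched here declare `roleAssignment`. The topics module's hunk carries the same spelling. Since the line is being edited anyway, it could read `resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: {`. The symbolic name is local to the file, but the resource body continues outside the hunk, so any later reference to the old name would need the same rename.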
@@ -13,7 +13,7 @@ This module deploys a queue for a service bus namespace. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ServiceBus/namespaces/queues` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/queues) | | `Microsoft.ServiceBus/namespaces/queues/authorizationRules` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2017-04-01/namespaces/queues/authorizationRules) | diff --git a/modules/Microsoft.ServiceBus/namespaces/readme.md b/modules/Microsoft.ServiceBus/namespaces/readme.md index 94b66c451b..448d2f4a3e 100644 --- a/modules/Microsoft.ServiceBus/namespaces/readme.md +++ b/modules/Microsoft.ServiceBus/namespaces/readme.md 
@@ -14,7 +14,7 @@ This module deploys a service bus namespace resource. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep index ec20a14691..9d999d14af 100644 --- a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep 
@@ -56,7 +56,7 @@ resource topic 'Microsoft.ServiceBus/namespaces/topics@2021-06-01-preview' exist name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}' } -resource roleAssigment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssigment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(topic.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/readme.md b/modules/Microsoft.ServiceBus/namespaces/topics/readme.md index 887fb6f6f2..82a44e2f4d 100644 --- a/modules/Microsoft.ServiceBus/namespaces/topics/readme.md +++ b/modules/Microsoft.ServiceBus/namespaces/topics/readme.md @@ -13,7 +13,7 @@ This module deploys a topic for a service bus namespace. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.ServiceBus/namespaces/topics` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics) | | `Microsoft.ServiceBus/namespaces/topics/authorizationRules` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.ServiceBus/2021-06-01-preview/namespaces/topics/authorizationRules) | diff --git a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep index 94483254f0..2b6c22435a 100644 
--- a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep +++ b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep @@ -57,7 +57,7 @@ resource webPubSub 'Microsoft.SignalRService/webPubSub@2021-10-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(webPubSub.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.SignalRService/webPubSub/readme.md b/modules/Microsoft.SignalRService/webPubSub/readme.md index aa246ab77b..1eb08bf00c 100644 --- a/modules/Microsoft.SignalRService/webPubSub/readme.md +++ b/modules/Microsoft.SignalRService/webPubSub/readme.md @@ -14,7 +14,7 @@ This module deploys a Web PubSub Service resource. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.SignalRService/webPubSub` | [2021-10-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.SignalRService/2021-10-01/webPubSub) | 
diff --git a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep index 5ce15946ce..fcfee43c43 100644 --- a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep @@ -56,7 +56,7 @@ resource managedInstance 'Microsoft.Sql/managedInstances@2020-08-01-preview' exi name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(managedInstance.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Sql/managedInstances/readme.md b/modules/Microsoft.Sql/managedInstances/readme.md index 9b1806cdf6..e036d4bfbd 100644 --- a/modules/Microsoft.Sql/managedInstances/readme.md +++ b/modules/Microsoft.Sql/managedInstances/readme.md 
@@ -14,7 +14,7 @@ This template deploys a SQL managed instance. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Sql/managedInstances` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-05-01-preview/managedInstances) | | `Microsoft.Sql/managedInstances/administrators` | [2021-02-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Sql/2021-02-01-preview/managedInstances/administrators) | diff --git a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep index a3497ab19a..d483a2c7d7 100644 --- a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep @@ -57,7 +57,7 @@ resource server 'Microsoft.Sql/servers@2020-02-02-preview' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(server.id, principalId, roleDefinitionIdOrName) properties: { description: description 
diff --git a/modules/Microsoft.Sql/servers/readme.md b/modules/Microsoft.Sql/servers/readme.md index 180febabc6..3713695fe3 100644 --- a/modules/Microsoft.Sql/servers/readme.md +++ b/modules/Microsoft.Sql/servers/readme.md @@ -14,7 +14,7 @@ This module deploys a SQL server. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | diff --git a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep index 371dbb5d5b..213f14a112 100644 --- a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep 
@@ -80,7 +80,7 @@ resource storageAccount 'Microsoft.Storage/storageAccounts@2021-09-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(storageAccount.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep index abebd6f7a3..57c4d02260 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep @@ -71,7 +71,7 @@ resource container 'Microsoft.Storage/storageAccounts/blobServices/containers@20 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(container.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md index c6c85b4632..8d2af0a6e3 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/readme.md 
@@ -12,7 +12,7 @@ This module deploys a blob container | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Storage/storageAccounts/blobServices/containers` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/blobServices/containers) | | `Microsoft.Storage/storageAccounts/blobServices/containers/immutabilityPolicies` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/blobServices/containers/immutabilityPolicies) | diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md b/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md index f569ec0a2d..786bd62740 100644 --- a/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/blobServices/readme.md 
@@ -12,7 +12,7 @@ This module can be used to deploy a blob service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Storage/storageAccounts/blobServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/blobServices) | | `Microsoft.Storage/storageAccounts/blobServices/containers` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/blobServices/containers) | diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md index e20fee265f..3212fd1b85 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/readme.md 
@@ -12,7 +12,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Storage/storageAccounts/fileServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices) | | `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices/shares) | diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep index c04f53e73a..19266e6a3f 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep 
@@ -80,7 +80,7 @@ resource fileShare 'Microsoft.Storage/storageAccounts/fileServices/shares@2019-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(fileShare.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md index fcd4a270d0..7577b826ef 100644 --- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/readme.md @@ -12,7 +12,7 @@ This module deploys a storage account file share. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Storage/storageAccounts/fileServices/shares` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/fileServices/shares) | ## Parameters diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep index 8c348d0802..56d8cd7daa 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep 
+++ b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep @@ -77,7 +77,7 @@ resource queue 'Microsoft.Storage/storageAccounts/queueServices/queues@2021-09-0 name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}/${split(resourceId, '/')[12]}' } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(queue.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md index 181a2ee2e4..fef22e3b1f 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/readme.md @@ -12,7 +12,7 @@ This module deploys a storage account queue | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Storage/storageAccounts/queueServices/queues` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices/queues) | ## Parameters diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md b/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md index a93653cb27..5186b8e622 100644 --- a/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/queueServices/readme.md 
@@ -12,7 +12,7 @@ This module can be used to deploy a file share service into a storage account. | Resource Type | API Version | | :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Storage/storageAccounts/queueServices` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices) | | `Microsoft.Storage/storageAccounts/queueServices/queues` | [2021-09-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Storage/2021-09-01/storageAccounts/queueServices/queues) | diff --git a/modules/Microsoft.Storage/storageAccounts/readme.md b/modules/Microsoft.Storage/storageAccounts/readme.md index c03e8b62af..7ec7f494e2 100644 --- a/modules/Microsoft.Storage/storageAccounts/readme.md +++ b/modules/Microsoft.Storage/storageAccounts/readme.md 
@@ -15,7 +15,7 @@ This module is used to deploy a storage account, with the ability to deploy 1 or | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep index cacd538cdd..201af4745d 100644 --- a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep 
@@ -53,7 +53,7 @@ resource privateLinkHub 'Microsoft.Synapse/privateLinkHubs@2021-06-01' existing name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(privateLinkHub.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Synapse/privateLinkHubs/readme.md b/modules/Microsoft.Synapse/privateLinkHubs/readme.md index 854e2cce37..94cfcd4d78 100644 --- a/modules/Microsoft.Synapse/privateLinkHubs/readme.md +++ b/modules/Microsoft.Synapse/privateLinkHubs/readme.md @@ -14,7 +14,7 @@ This module deploys Azure Synapse Analytics (private link hubs). | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.Synapse/privateLinkHubs` | [2021-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Synapse/2021-06-01/privateLinkHubs) | 
diff --git a/modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep b/modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep index e5427b72bf..5ac365c4a6 100644 --- a/modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep +++ b/modules/Microsoft.Synapse/workspaces/.bicep/nested_rbac.bicep @@ -22,7 +22,7 @@ resource workspace 'Microsoft.Synapse/workspaces@2021-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(workspace.name, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/modules/Microsoft.Synapse/workspaces/readme.md b/modules/Microsoft.Synapse/workspaces/readme.md index b0960812ec..58766a28a3 100644 --- a/modules/Microsoft.Synapse/workspaces/readme.md +++ b/modules/Microsoft.Synapse/workspaces/readme.md 
@@ -15,7 +15,7 @@ This module deploys a Synapse Workspace. | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.KeyVault/vaults/accessPolicies` | [2021-06-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.KeyVault/2021-06-01-preview/vaults/accessPolicies) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep index 73d057c289..1ee3c21599 100644 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep 
@@ -53,7 +53,7 @@ resource imageTemplate 'Microsoft.VirtualMachineImages/imageTemplates@2020-02-14 name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(imageTemplate.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md b/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md index b920f31cc5..d4ef3bc832 100644 --- a/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md +++ b/modules/Microsoft.VirtualMachineImages/imageTemplates/readme.md @@ -14,7 +14,7 @@ This module deploys an image template that can be consumed by the Azure Image Bu | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.VirtualMachineImages/imageTemplates` | [2020-02-14](https://docs.microsoft.com/en-us/azure/templates/Microsoft.VirtualMachineImages/2020-02-14/imageTemplates) | ## Parameters diff --git a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep index 8dbd2f92b9..5b514694db 100644 --- a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep 
@@ -55,7 +55,7 @@ resource connection 'Microsoft.Web/connections@2016-06-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(connection.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Web/connections/readme.md b/modules/Microsoft.Web/connections/readme.md index 4f10fedf29..ad49b7e734 100644 --- a/modules/Microsoft.Web/connections/readme.md +++ b/modules/Microsoft.Web/connections/readme.md @@ -14,7 +14,7 @@ This module deploys an Azure API connection. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Web/connections` | [2016-06-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2016-06-01/connections) | ## Parameters diff --git a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep index 0ef2a76c30..6ea168c639 100644 --- a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep 
@@ -54,7 +54,7 @@ resource appServiceEnvironment 'Microsoft.Web/hostingEnvironments@2021-02-01' ex name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(appServiceEnvironment.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Web/hostingEnvironments/readme.md b/modules/Microsoft.Web/hostingEnvironments/readme.md index d3fc478708..547999b7f2 100644 --- a/modules/Microsoft.Web/hostingEnvironments/readme.md +++ b/modules/Microsoft.Web/hostingEnvironments/readme.md @@ -14,7 +14,7 @@ This module deploys an app service environment. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Web/hostingEnvironments` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/hostingEnvironments) | diff --git a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep index 987c0ee6b6..c42ae55be7 100644 --- a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep 
+++ b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep @@ -57,7 +57,7 @@ resource appServicePlan 'Microsoft.Web/serverfarms@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(appServicePlan.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Web/serverfarms/readme.md b/modules/Microsoft.Web/serverfarms/readme.md index 0ed2ab2873..d80c44ffa8 100644 --- a/modules/Microsoft.Web/serverfarms/readme.md +++ b/modules/Microsoft.Web/serverfarms/readme.md @@ -14,7 +14,7 @@ This module deploys an app service plan. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Web/serverfarms` | [2021-02-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-02-01/serverfarms) | diff --git a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep index b51f6c00e4..cd36bc13e4 100644 --- a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep 
+++ b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep @@ -55,7 +55,7 @@ resource app 'Microsoft.Web/sites@2020-12-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(app.id, principalId, roleDefinitionIdOrName) properties: { description: description diff --git a/modules/Microsoft.Web/sites/readme.md b/modules/Microsoft.Web/sites/readme.md index ce097f45aa..c0137b97c7 100644 --- a/modules/Microsoft.Web/sites/readme.md +++ b/modules/Microsoft.Web/sites/readme.md @@ -14,7 +14,7 @@ This module deploys a web or function app. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | 
diff --git a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep index d8c01ae5d9..5445b96b5b 100644 --- a/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep +++ b/modules/Microsoft.Web/staticSites/.bicep/nested_roleAssignments.bicep @@ -23,7 +23,7 @@ resource staticSite 'Microsoft.Web/staticSites@2021-02-01' existing = { name: last(split(resourceId, '/')) } -resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: { +resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [for principalId in principalIds: { name: guid(staticSite.id, principalId, roleDefinitionIdOrName) properties: { roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName diff --git a/modules/Microsoft.Web/staticSites/readme.md b/modules/Microsoft.Web/staticSites/readme.md index 57151fcb36..8e43186f9e 100644 --- a/modules/Microsoft.Web/staticSites/readme.md +++ b/modules/Microsoft.Web/staticSites/readme.md 
@@ -14,7 +14,7 @@ This module deploys a Static Web App. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | +| `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Network/privateEndpoints` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2021-08-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-08-01/privateEndpoints/privateDnsZoneGroups) | | `Microsoft.Web/staticSites` | [2021-03-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Web/2021-03-01/staticSites) | diff --git a/utilities/tools/Get-LinkedModuleList.ps1 b/utilities/tools/Get-LinkedModuleList.ps1 index 221924185e..bdf678f8a8 100644 --- a/utilities/tools/Get-LinkedModuleList.ps1 +++ b/utilities/tools/Get-LinkedModuleList.ps1 @@ -24,7 +24,7 @@ Invoke the function with the default path. Returns an object such as: "Microsoft.Compute/availabilitySets@2021-07-01", "Microsoft.Authorization/locks@2017-04-01", "Microsoft.Compute/availabilitySets@2021-04-01", - "Microsoft.Authorization/roleAssignments@2020-10-01-preview" + "Microsoft.Authorization/roleAssignments@2022-04-01" ] }, (...) From b7507dd1b7c776cf13f3934dbbcffaeeb64efc15 Mon Sep 17 00:00:00 2001 
From: MrMCake Date: Mon, 8 Aug 2022 21:35:43 +0200 Subject: [PATCH 5/5] Updated condition version --- .../DomainServices/.bicep/nested_roleAssignments.bicep | 2 +- .../servers/.bicep/nested_roleAssignments.bicep | 2 +- .../service/.bicep/nested_roleAssignments.bicep | 2 +- .../configurationStores/.bicep/nested_roleAssignments.bicep | 2 +- .../automationAccounts/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep | 2 +- .../accounts/.bicep/nested_roleAssignments.bicep | 2 +- .../availabilitySets/.bicep/nested_roleAssignments.bicep | 2 +- .../diskEncryptionSets/.bicep/nested_roleAssignments.bicep | 2 +- .../Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep | 2 +- .../galleries/.bicep/nested_roleAssignments.bicep | 2 +- .../galleries/images/.bicep/nested_roleAssignments.bicep | 2 +- .../images/.bicep/nested_roleAssignments.bicep | 2 +- .../.bicep/nested_roleAssignments.bicep | 2 +- .../virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep | 2 +- .../virtualMachines/.bicep/nested_roleAssignments.bicep | 2 +- .../registries/.bicep/nested_roleAssignments.bicep | 2 +- .../managedClusters/.bicep/nested_roleAssignments.bicep | 2 +- .../factories/.bicep/nested_roleAssignments.bicep | 2 +- .../backupVaults/.bicep/nested_roleAssignments.bicep | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- .../applicationgroups/.bicep/nested_roleAssignments.bicep | 2 +- .../hostpools/.bicep/nested_roleAssignments.bicep | 2 +- .../scalingplans/.bicep/nested_roleAssignments.bicep | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- .../databaseAccounts/.bicep/nested_roleAssignments.bicep | 2 +- .../systemTopics/.bicep/nested_roleAssignments.bicep | 2 +- .../topics/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/eventhubs/.bicep/nested_roleAssignments.bicep | 2 +- .../healthBots/.bicep/nested_roleAssignments.bicep | 2 +- 
.../actionGroups/.bicep/nested_roleAssignments.bicep | 2 +- .../activityLogAlerts/.bicep/nested_roleAssignments.bicep | 2 +- .../components/.bicep/nested_roleAssignments.bicep | 2 +- .../metricAlerts/.bicep/nested_roleAssignments.bicep | 2 +- .../privateLinkScopes/.bicep/nested_roleAssignments.bicep | 2 +- .../scheduledQueryRules/.bicep/nested_roleAssignments.bicep | 2 +- .../vaults/.bicep/nested_roleAssignments.bicep | 2 +- .../vaults/keys/.bicep/nested_roleAssignments.bicep | 2 +- .../vaults/secrets/.bicep/nested_roleAssignments.bicep | 2 +- .../workflows/.bicep/nested_roleAssignments.bicep | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- .../userAssignedIdentities/.bicep/nested_roleAssignments.bicep | 2 +- .../netAppAccounts/.bicep/nested_roleAssignments.bicep | 2 +- .../capacityPools/.bicep/nested_roleAssignments.bicep | 2 +- .../capacityPools/volumes/.bicep/nested_roleAssignments.bicep | 2 +- .../applicationGateways/.bicep/nested_roleAssignments.bicep | 2 +- .../.bicep/nested_roleAssignments.bicep | 2 +- .../azureFirewalls/.bicep/nested_roleAssignments.bicep | 2 +- .../bastionHosts/.bicep/nested_roleAssignments.bicep | 2 +- .../ddosProtectionPlans/.bicep/nested_roleAssignments.bicep | 2 +- .../expressRouteCircuits/.bicep/nested_roleAssignments.bicep | 2 +- .../frontDoors/.bicep/nested_roleAssignments.bicep | 2 +- .../ipGroups/.bicep/nested_roleAssignments.bicep | 2 +- .../loadBalancers/.bicep/nested_roleAssignments.bicep | 2 +- .../localNetworkGateways/.bicep/nested_roleAssignments.bicep | 2 +- .../natGateways/.bicep/nested_roleAssignments.bicep | 2 +- .../networkInterfaces/.bicep/nested_roleAssignments.bicep | 2 +- .../networkSecurityGroups/.bicep/nested_roleAssignments.bicep | 2 +- .../networkWatchers/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/A/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep | 2 +- 
.../privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/MX/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep | 2 +- .../privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep | 2 +- .../privateEndpoints/.bicep/nested_roleAssignments.bicep | 2 +- .../publicIPAddresses/.bicep/nested_roleAssignments.bicep | 2 +- .../publicIPPrefixes/.bicep/nested_roleAssignments.bicep | 2 +- .../routeTables/.bicep/nested_roleAssignments.bicep | 2 +- .../trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep | 2 +- .../virtualNetworkGateways/.bicep/nested_roleAssignments.bicep | 2 +- .../virtualNetworks/.bicep/nested_roleAssignments.bicep | 2 +- .../virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep | 2 +- .../virtualWans/.bicep/nested_roleAssignments.bicep | 2 +- .../workspaces/.bicep/nested_roleAssignments.bicep | 2 +- .../vaults/.bicep/nested_roleAssignments.bicep | 2 +- .../resourceGroups/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/queues/.bicep/nested_roleAssignments.bicep | 2 +- .../namespaces/topics/.bicep/nested_roleAssignments.bicep | 2 +- .../clusters/.bicep/nested_roleAssignments.bicep | 2 +- .../Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep | 2 +- .../managedInstances/.bicep/nested_roleAssignments.bicep | 2 +- .../Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep | 2 +- .../storageAccounts/.bicep/nested_roleAssignments.bicep | 2 +- .../blobServices/containers/.bicep/nested_roleAssignments.bicep | 2 +- .../fileServices/shares/.bicep/nested_roleAssignments.bicep | 2 +- .../queueServices/queues/.bicep/nested_roleAssignments.bicep | 2 +- .../privateLinkHubs/.bicep/nested_roleAssignments.bicep | 2 +- .../imageTemplates/.bicep/nested_roleAssignments.bicep | 
2 +- .../connections/.bicep/nested_roleAssignments.bicep | 2 +- .../hostingEnvironments/.bicep/nested_roleAssignments.bicep | 2 +- .../serverfarms/.bicep/nested_roleAssignments.bicep | 2 +- modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep | 2 +- 98 files changed, 98 insertions(+), 98 deletions(-)
diff --git a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep
index 969156b15c..e1c6b972be 100644
--- a/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AAD/DomainServices/.bicep/nested_roleAssignments.bicep
@@ -78,7 +78,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: AzureADDS
diff --git a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep
index c3821f8b9a..d8d6a2b649 100644
--- a/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AnalysisServices/servers/.bicep/nested_roleAssignments.bicep
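Review bot: The added guard on `conditionVersion` keeps `!empty(conditionVersion)` beside the new `!empty(condition)` test, and if this module declares the parameter the way the ServiceFabric module earlier in the series does (`@allowed(['2.0'])`, default `'2.0'`), that first half can never be false. The line could read `conditionVersion: !empty(condition) ? conditionVersion : null`, preceded by a comment such as `// conditionVersion is only sent together with a condition`, so the next reader sees why the version is dropped. An empty `condition` still yields an unconditional role assignment, so a caller that omits or misspells the key presumably gets a broader grant than intended without any error; the parameter description, which is outside this hunk, would be the place to state that. The same line is changed identically in the other `nested_roleAssignments.bicep` and `nested_rbac.bicep` hunks of this patch (AnalysisServices, ApiManagement, AppConfiguration, Automation, Cache/redis, CognitiveServices and the remaining files in the diffstat), and the `roleAssignment` resource body starts and ends outside each of these hunks.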
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: server
diff --git a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep
index d182b08972..630bfac42a 100644
--- a/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ApiManagement/service/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: service
diff --git a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep
index 89f0f16520..8d6fe27691 100644
--- a/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.AppConfiguration/configurationStores/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: appConfiguration
diff --git a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep
index 0f5c709b48..c5d21e5a35 100644
--- a/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Automation/automationAccounts/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: automationAccount
diff --git a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
index b56c043ed5..64025103b0 100644
--- a/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
+++ b/modules/Microsoft.Cache/redis/.bicep/nested_rbac.bicep
@@ -62,7 +62,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: redisCache
diff --git a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
index 03b0116304..d0dc97ef7c 100644
--- a/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.CognitiveServices/accounts/.bicep/nested_roleAssignments.bicep
@@ -78,7 +78,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: account
diff --git a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
index 196c3ca1b7..deeae1c5b2 100644
--- a/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/availabilitySets/.bicep/nested_roleAssignments.bicep
@@ -69,7 +69,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: availabilitySet
diff --git a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
index 1bf27de755..5cdc604597 100644
--- a/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/diskEncryptionSets/.bicep/nested_roleAssignments.bicep
@@ -67,7 +67,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: diskEncryptionSet
diff --git a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep
index 22ce98e76d..c1364b9fa5 100644
--- a/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/disks/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: disk
diff --git a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep
index 2c8d5fc71e..a79ea7f988 100644
--- a/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/galleries/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: gallery
diff --git a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
index c1b4195dad..ca33748441 100644
--- a/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/galleries/images/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: galleryImage
diff --git a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
index b94415bb61..f143080f2a 100644
--- a/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/images/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: image
diff --git a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
index 96c33701c3..f0b623e3cc 100644
--- a/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/proximityPlacementGroups/.bicep/nested_roleAssignments.bicep
@@ -67,7 +67,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: proximityPlacementGroup
diff --git a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep
index 0a7254416b..3da82a5cd4 100644
--- a/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/virtualMachineScaleSets/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: vmss
diff --git a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep
index cfc53c66a5..8d55cc55ef 100644
--- a/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Compute/virtualMachines/.bicep/nested_roleAssignments.bicep
@@ -69,7 +69,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: virtualMachine
diff --git a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep
index f9fb59ebd9..a9b24d3cf9 100644
--- a/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ContainerRegistry/registries/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: registry
diff --git a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep
index 4d24fed366..581a566e20 100644
--- a/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ContainerService/managedClusters/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: managedCluster
diff --git a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep
index 7fbe277115..ef6e10c9cf 100644
--- a/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DataFactory/factories/.bicep/nested_roleAssignments.bicep
@@ -62,7 +62,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: dataFactory
diff --git a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep
index 4270d7a6b0..dd41a228cb 100644
--- a/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DataProtection/backupVaults/.bicep/nested_roleAssignments.bicep
@@ -51,7 +51,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: backupVault
diff --git a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep
index 7e78cd0bd9..fcaa1d5b27 100644
--- a/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Databricks/workspaces/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: workspace
diff --git a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep
index dd92120ee9..294962323b 100644
--- a/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DesktopVirtualization/applicationgroups/.bicep/nested_roleAssignments.bicep
@@ -69,7 +69,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: appGroup
diff --git a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep
index cba575d90a..070cef82c1 100644
--- a/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DesktopVirtualization/hostpools/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: hostPool
diff --git a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep
index cba575d90a..070cef82c1 100644
--- a/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DesktopVirtualization/scalingplans/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: hostPool
diff --git a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep
index 0f2b4daee0..065443b08f 100644
--- a/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DesktopVirtualization/workspaces/.bicep/nested_roleAssignments.bicep
@@ -66,7 +66,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: workspace
diff --git a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep
index e727a63d76..fa29f1460b 100644
--- a/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.DocumentDB/databaseAccounts/.bicep/nested_roleAssignments.bicep
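Review bot: `scope: hostPool` in the scalingplans file looks like a copy of the hostpools module rather than a scaling-plan scope: its `index` line carries the same blob ids as the hostpools file (`cba575d90a..070cef82c1`), which suggests the two files are byte-identical. If so, role assignments requested for a scaling plan are resolved against a host-pool reference, so access is either granted on the wrong resource or the deployment fails. The `existing` declaration sits outside the hunk; it should presumably reference `Microsoft.DesktopVirtualization/scalingPlans`, with the hunk's last line becoming `scope: scalingPlan`.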
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: databaseAccount
diff --git a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep
index d24bd83baa..d47210346d 100644
--- a/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.EventGrid/systemTopics/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: systemTopic
diff --git a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep
index f3b1b157eb..a13e4f50e9 100644
--- a/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.EventGrid/topics/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: eventGrid
diff --git a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep
index ccc1aacfb9..3c44567cd7 100644
--- a/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.EventHub/namespaces/.bicep/nested_roleAssignments.bicep
@@ -66,7 +66,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: eventHubNamespace
diff --git a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep
index b099cc63a4..a20257cd7a 100644
--- a/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.EventHub/namespaces/eventhubs/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: eventHub
diff --git a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep
index 29b9a1c766..ba386a4846 100644
--- a/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.HealthBot/healthBots/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: healthBot
diff --git a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep
index 013c118539..03d7272579 100644
--- a/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Insights/actionGroups/.bicep/nested_roleAssignments.bicep
@@ -62,7 +62,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: actionGroup
diff --git a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep
index d0e730fc1a..367ed2d834 100644
--- a/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Insights/activityLogAlerts/.bicep/nested_roleAssignments.bicep
@@ -62,7 +62,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: activityLogAlert
diff --git a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep
index ee18f0b34b..261a8344ba 100644
--- a/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Insights/components/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: appInsights
diff --git a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep
index 329678bf38..5bd2ee2cc4 100644
--- a/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Insights/metricAlerts/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: metricAlert
diff --git a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep
index 78d1fe4e03..d9ca09ce9a 100644
--- a/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Insights/privateLinkScopes/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: privateLinkScope
diff --git a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep
index 77b0c6e538..f547d41e3f 100644
--- a/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Insights/scheduledQueryRules/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: queryAlert
diff --git a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep
index 19842f70d5..7ba24f995e 100644
--- a/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.KeyVault/vaults/.bicep/nested_roleAssignments.bicep
@@ -70,7 +70,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: keyVault
diff --git a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep
index 2ffb7a276e..ae461b6c13 100644
--- a/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.KeyVault/vaults/keys/.bicep/nested_roleAssignments.bicep
@@ -69,7 +69,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: key
diff --git a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep
index 21f6896a2a..a7f6722ee6 100644
--- a/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.KeyVault/vaults/secrets/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: secret
diff --git a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep
index 5d2447c68b..0ffc462e10 100644
--- a/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Logic/workflows/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: logicApp
diff --git a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep
index 64d098f42c..e4dd88e38d 100644
--- a/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.MachineLearningServices/workspaces/.bicep/nested_roleAssignments.bicep
@@ -62,7 +62,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: workspace
diff --git a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep
index 694fc671b5..e2d2c4b508 100644
--- a/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ManagedIdentity/userAssignedIdentities/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: userMsi
diff --git a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep
index 102a146d4f..c92e122bfa 100644
--- a/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.NetApp/netAppAccounts/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: netAppAccount
diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep
index 483ff7f0dc..d98c111e44 100644
--- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: capacityPool
diff --git a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep
index 8e073df922..b7b0de3688 100644
--- a/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.NetApp/netAppAccounts/capacityPools/volumes/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: volume
diff --git a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep
index ff6672a09e..2a8356a4ca 100644
--- a/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/applicationGateways/.bicep/nested_roleAssignments.bicep
@@ -69,7 +69,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: applicationGateway
diff --git a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep
index be0fc36bd3..d3032f76e7 100644
--- a/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/applicationSecurityGroups/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: applicationSecurityGroup
diff --git a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep
index a203beebf7..84df6c1d8e 100644
--- a/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/azureFirewalls/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: azureFirewall
diff --git a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep
index e7db6b185b..8769fe743b 100644
--- a/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/bastionHosts/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: azureBastion
diff --git a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep
index aff656be52..7fd47decc1 100644
--- a/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/ddosProtectionPlans/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: ddosProtectionPlan
diff --git a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep
index 2e4edcf2f9..2348dfcc92 100644
--- a/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/expressRouteCircuits/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: expressRouteCircuits
diff --git a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep
index 21a41aed1c..cbbe19c387 100644
--- a/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/frontDoors/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: frontDoor
diff --git a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep
index 16185b0609..b1db321a8b 100644
--- a/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/ipGroups/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: ipGroup
diff --git a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep
index 9bf6c48a12..875cd22b67 100644
--- a/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/loadBalancers/.bicep/nested_roleAssignments.bicep
@@ -67,7 +67,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: loadBalancer
diff --git a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep
index 20131a9936..895a5cff7d 100644
--- a/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/localNetworkGateways/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: localNetworkGateway
diff --git a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep
index bb246d25b0..56304b18e7 100644
--- a/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/natGateways/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: natGateway
diff --git a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep
index 9e8d4ebb17..773119e50e 100644
--- a/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/networkInterfaces/.bicep/nested_roleAssignments.bicep
@@ -71,7 +71,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: networkInterface
diff --git a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep
index 3c0eba8076..ffc14057cd 100644
--- a/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/networkSecurityGroups/.bicep/nested_roleAssignments.bicep
@@ -66,7 +66,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: networkSecurityGroup
diff --git a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep
index f88307da7a..6375bcaee3 100644
--- a/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/networkWatchers/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: networkWatcher
diff --git a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep
index 4486acb11e..1a94a5cbc9 100644
--- a/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: privateDnsZone
diff --git a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep
index e5b8ee6a05..50f4d1bc5f 100644
--- a/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/A/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: A
diff --git a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep
index 5b82b07b65..4ee1ab1ae2 100644
--- a/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/AAAA/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: AAAA
diff --git a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep
index 959956ad8a..a06a5c2636 100644
--- a/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/CNAME/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: CNAME
diff --git a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep
index 5e25039889..38aee42b24 100644
--- a/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/MX/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: MX
diff --git a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep
index 57b53d6566..32c5b4bef0 100644
--- a/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/PTR/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: PTR
diff --git a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep
index 3f12595492..1152c56553 100644
--- a/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/SOA/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: SOA
diff --git a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep
index c37b1b44a1..e3e496c81f 100644
--- a/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/SRV/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: SRV
diff --git a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep
index beb45ca0a1..6f823b468a 100644
--- a/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateDnsZones/TXT/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: TXT
diff --git a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep
index 5dca736add..0c710028f7 100644
--- a/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/privateEndpoints/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: privateEndpoint
diff --git a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep
index 2f93950631..1a78bebb5f 100644
--- a/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/publicIPAddresses/.bicep/nested_roleAssignments.bicep
@@ -67,7 +67,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: publicIpAddress
diff --git a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep
index 34fc52f5ce..8f688f7d11 100644
--- a/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/publicIPPrefixes/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: publicIpPrefix
diff --git a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep
index 892d60f659..aa889b473d 100644
--- a/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/routeTables/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: routeTable
diff --git a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep
index 0132367d3a..edfb5b19f5 100644
--- a/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/trafficmanagerprofiles/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: trafficmanagerprofile
diff --git a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep
index 399fa2318a..972012d855 100644
--- a/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualNetworkGateways/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: virtualNetworkGateway
diff --git a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
index 4024ecae5d..b0b9188b4c 100644
--- a/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
@@ -78,7 +78,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: virtualNetwork
diff --git a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
index a249baf951..c70a83de31 100644
--- a/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
@@ -78,7 +78,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: subnet
diff --git a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep
index 161ef56a4b..49253ba6fd 100644
--- a/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Network/virtualWans/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: virtualWan
diff --git a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep
index fbd9866d84..5906dac0ca 100644
--- a/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.OperationalInsights/workspaces/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: logAnalyticsWorkspace
diff --git a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep
index 3a50ca92f5..afff6bddb3 100644
--- a/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.RecoveryServices/vaults/.bicep/nested_roleAssignments.bicep
@@ -68,7 +68,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: rsv
diff --git a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep
index d598bcbc46..f6649ed020 100644
--- a/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Resources/resourceGroups/.bicep/nested_roleAssignments.bicep
@@ -217,7 +217,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 }]
diff --git a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep
index 429e738b17..8e95107c34 100644
--- a/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ServiceBus/namespaces/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: namespace
diff --git a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep
index fc08847f97..d1eaf5eb68 100644
--- a/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ServiceBus/namespaces/queues/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssigment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [f
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: queue
diff --git a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep
index 9d999d14af..2fdcf6fdc7 100644
--- a/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ServiceBus/namespaces/topics/.bicep/nested_roleAssignments.bicep
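Review bot: The resource's symbolic name is spelled `roleAssigment` in the ServiceBus queues hunk header here and in the topics hunk that follows, while every other module in this patch uses `roleAssignment`. The declaration line sits above both hunks, so the spelling is only visible through the `@@` context. Renaming it to `roleAssignment` in those two files would keep the RBAC child templates uniform, so that a search or lint rule keyed on the symbolic name covers every module.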
@@ -64,7 +64,7 @@ resource roleAssigment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [f
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: topic
diff --git a/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep
index df8b34c820..2af9f0665e 100644
--- a/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.ServiceFabric/clusters/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: serviceFabricCluster
diff --git a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep
index 2b6c22435a..b15faf6bd7 100644
--- a/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep
+++ b/modules/Microsoft.SignalRService/webPubSub/.bicep/nested_rbac.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: webPubSub
diff --git a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep
index fcfee43c43..2ec22ee3f4 100644
--- a/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Sql/managedInstances/.bicep/nested_roleAssignments.bicep
@@ -64,7 +64,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: managedInstance
diff --git a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep
index d483a2c7d7..d8276458a4 100644
--- a/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Sql/servers/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: server
diff --git a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep
index 213f14a112..c1a40edb20 100644
--- a/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/.bicep/nested_roleAssignments.bicep
@@ -88,7 +88,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: storageAccount
diff --git a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep
index 57c4d02260..6277b39c07 100644
--- a/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/blobServices/containers/.bicep/nested_roleAssignments.bicep
@@ -79,7 +79,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: container
diff --git a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep
index 19266e6a3f..6dfc280477 100644
--- a/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/fileServices/shares/.bicep/nested_roleAssignments.bicep
@@ -88,7 +88,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: fileShare
diff --git a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep
index 56d8cd7daa..a70afd19cb 100644
--- a/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Storage/storageAccounts/queueServices/queues/.bicep/nested_roleAssignments.bicep
@@ -85,7 +85,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: queue
diff --git a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep
index 201af4745d..d8144f3bc7 100644
--- a/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Synapse/privateLinkHubs/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: privateLinkHub
diff --git a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep
index 1ee3c21599..17d5424769 100644
--- a/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.VirtualMachineImages/imageTemplates/.bicep/nested_roleAssignments.bicep
@@ -61,7 +61,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: imageTemplate
diff --git a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep
index 5b514694db..0c67e56c45 100644
--- a/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Web/connections/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: connection
diff --git a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep
index 6ea168c639..d645ca5958 100644
--- a/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Web/hostingEnvironments/.bicep/nested_roleAssignments.bicep
@@ -62,7 +62,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: appServiceEnvironment
diff --git a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep
index c42ae55be7..6fd1e427e0 100644
--- a/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Web/serverfarms/.bicep/nested_roleAssignments.bicep
@@ -65,7 +65,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: appServicePlan
diff --git a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep
index cd36bc13e4..260bbb2a25 100644
--- a/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep
+++ b/modules/Microsoft.Web/sites/.bicep/nested_roleAssignments.bicep
@@ -63,7 +63,7 @@ resource roleAssignment 'Microsoft.Authorization/roleAssignments@2022-04-01' = [
 principalId: principalId
 principalType: !empty(principalType) ? any(principalType) : null
 condition: !empty(condition) ? condition : null
- conditionVersion: !empty(conditionVersion) ? conditionVersion : null
+ conditionVersion: !empty(conditionVersion) && !empty(condition) ? conditionVersion : null
 delegatedManagedIdentityResourceId: !empty(delegatedManagedIdentityResourceId) ? delegatedManagedIdentityResourceId : null
 }
 scope: app