diff --git a/.ps-rule/min-suppress.Rule.yaml b/.ps-rule/min-suppress.Rule.yaml
index 80611ec02c..6ddd8dc341 100644
--- a/.ps-rule/min-suppress.Rule.yaml
+++ b/.ps-rule/min-suppress.Rule.yaml
@@ -8,6 +8,7 @@ spec:
rule:
- Azure.Resource.UseTags
- Azure.KeyVault.Logs
+ - Azure.KeyVault.Firewall
- Azure.Policy.ExemptionDescriptors
- Azure.Policy.Descriptors
- Azure.Policy.AssignmentDescriptors
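Review bot: The added `Azure.KeyVault.Firewall` entry switches off a network-exposure check with no reason recorded next to it. The selector that scopes this suppression group lies outside the hunk, so it is not visible here which vaults stop being checked. A one-line comment above the entry would help, for example `# min test deploys module defaults only; networkAcls is exercised by the accesspolicies and pe tests`, assuming that is the intent.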
diff --git a/modules/key-vault/vault/.test/accesspolicies/dependencies.bicep b/modules/key-vault/vault/.test/accesspolicies/dependencies.bicep
new file mode 100644
index 0000000000..152b6bd1bb
--- /dev/null
+++ b/modules/key-vault/vault/.test/accesspolicies/dependencies.bicep
@@ -0,0 +1,46 @@
+@description('Optional. The location to deploy to.')
+param location string = resourceGroup().location
+
+@description('Required. The name of the Virtual Network to create.')
+param virtualNetworkName string
+
+@description('Required. The name of the Managed Identity to create.')
+param managedIdentityName string
+
+var addressPrefix = '10.0.0.0/16'
+
+resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
+ name: virtualNetworkName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ addressPrefix
+ ]
+ }
+ subnets: [
+ {
+ name: 'defaultSubnet'
+ properties: {
+ addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ serviceEndpoints: [
+ {
+ service: 'Microsoft.KeyVault'
+ }
+ ]
+ }
+ }
+ ]
+ }
+}
+
+resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
+ name: managedIdentityName
+ location: location
+}
+
+@description('The resource ID of the created Virtual Network Subnet.')
+output subnetResourceId string = virtualNetwork.properties.subnets[0].id
+
+@description('The principal ID of the created Managed Identity.')
+output managedIdentityPrincipalId string = managedIdentity.properties.principalId
diff --git a/modules/key-vault/vault/.test/accesspolicies/main.test.bicep b/modules/key-vault/vault/.test/accesspolicies/main.test.bicep
new file mode 100644
index 0000000000..f51833d1cb
--- /dev/null
+++ b/modules/key-vault/vault/.test/accesspolicies/main.test.bicep
@@ -0,0 +1,124 @@
+targetScope = 'subscription'
+
+// ========== //
+// Parameters //
+// ========== //
+
+@description('Optional. The name of the resource group to deploy for testing purposes.')
+@maxLength(90)
+param resourceGroupName string = 'ms.keyvault.vaults-${serviceShort}-rg'
+
+@description('Optional. The location to deploy resources to.')
+param location string = deployment().location
+
+@description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.')
+param serviceShort string = 'kvvap'
+
+@description('Optional. Enable telemetry via a Globally Unique Identifier (GUID).')
+param enableDefaultTelemetry bool = true
+
+@description('Optional. A token to inject into the name of each resource.')
+param namePrefix string = '[[namePrefix]]'
+
+// ============ //
+// Dependencies //
+// ============ //
+
+// General resources
+// =================
+resource resourceGroup 'Microsoft.Resources/resourceGroups@2021-04-01' = {
+ name: resourceGroupName
+ location: location
+}
+
+module nestedDependencies 'dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-nestedDependencies'
+ params: {
+ managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}'
+ virtualNetworkName: 'dep-${namePrefix}-vnet-${serviceShort}'
+ }
+}
+
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}03'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}01'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}01'
+ location: location
+ }
+}
+
+// ============== //
+// Test Execution //
+// ============== //
+
+module testDeployment '../../main.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-test-${serviceShort}'
+ params: {
+ enableDefaultTelemetry: enableDefaultTelemetry
+ name: '${namePrefix}${serviceShort}002'
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
+ enablePurgeProtection: false
+ accessPolicies: [
+ {
+ objectId: nestedDependencies.outputs.managedIdentityPrincipalId
+ permissions: {
+ keys: [
+ 'get'
+ 'list'
+ 'update'
+ ]
+ secrets: [
+ 'get'
+ 'list'
+ ]
+ }
+ tenantId: tenant().tenantId
+ }
+ {
+ objectId: nestedDependencies.outputs.managedIdentityPrincipalId
+ permissions: {
+ certificates: [
+ 'backup'
+ 'create'
+ 'delete'
+ ]
+ secrets: [
+ 'get'
+ 'list'
+ ]
+ }
+ }
+ ]
+ networkAcls: {
+ bypass: 'AzureServices'
+ defaultAction: 'Deny'
+ ipRules: [
+ {
+ value: '40.74.28.0/23'
+ }
+ ]
+ virtualNetworkRules: [
+ {
+ id: nestedDependencies.outputs.subnetResourceId
+ ignoreMissingVnetServiceEndpoint: false
+ }
+ ]
+ }
+ tags: {
+ 'hidden-title': 'This is visible in the resource name'
+ Environment: 'Non-Prod'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
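Review bot: `testDeployment` passes `accessPolicies` but never sets `enableRbacAuthorization`, and this same commit changes that parameter's default in `modules/key-vault/vault/main.bicep` to `true`. Per the parameter description, access policies are ignored when RBAC authorization is on. Unless the module overrides the flag when policies are supplied (not visible in this diff), the vault is deployed in RBAC mode and the policies under test grant nothing. Adding `enableRbacAuthorization: false` to `params` would make this test exercise the access-policy path. The second policy entry also omits `tenantId` while the first sets it; if the module fills in a default, a short comment saying so would show the omission is deliberate.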
diff --git a/modules/key-vault/vault/.test/common/main.test.bicep b/modules/key-vault/vault/.test/common/main.test.bicep
index 780dfdd843..42499a4e72 100644
--- a/modules/key-vault/vault/.test/common/main.test.bicep
+++ b/modules/key-vault/vault/.test/common/main.test.bicep
@@ -64,42 +64,14 @@ module testDeployment '../../main.bicep' = {
params: {
enableDefaultTelemetry: enableDefaultTelemetry
name: '${namePrefix}${serviceShort}002'
- accessPolicies: [
- {
- objectId: nestedDependencies.outputs.managedIdentityPrincipalId
- permissions: {
- keys: [
- 'get'
- 'list'
- 'update'
- ]
- secrets: [
- 'all'
- ]
- }
- tenantId: tenant().tenantId
- }
- {
- objectId: nestedDependencies.outputs.managedIdentityPrincipalId
- permissions: {
- certificates: [
- 'backup'
- 'create'
- 'delete'
- ]
- secrets: [
- 'all'
- ]
- }
- }
- ]
+
diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
// Only for testing purposes
enablePurgeProtection: false
- enableRbacAuthorization: false
+ enableRbacAuthorization: true
keys: [
{
attributesExp: 1725109032
diff --git a/modules/key-vault/vault/.test/pe/dependencies.bicep b/modules/key-vault/vault/.test/pe/dependencies.bicep
index 4e44ac0dc4..b9eb57d972 100644
--- a/modules/key-vault/vault/.test/pe/dependencies.bicep
+++ b/modules/key-vault/vault/.test/pe/dependencies.bicep
@@ -20,6 +20,11 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = {
name: 'defaultSubnet'
properties: {
addressPrefix: cidrSubnet(addressPrefix, 16, 0)
+ serviceEndpoints: [
+ {
+ service: 'Microsoft.KeyVault'
+ }
+ ]
}
}
]
diff --git a/modules/key-vault/vault/.test/pe/main.test.bicep b/modules/key-vault/vault/.test/pe/main.test.bicep
index 2583895c37..6230f07e42 100644
--- a/modules/key-vault/vault/.test/pe/main.test.bicep
+++ b/modules/key-vault/vault/.test/pe/main.test.bicep
@@ -39,6 +39,20 @@ module nestedDependencies 'dependencies.bicep' = {
}
}
+// Diagnostics
+// ===========
+module diagnosticDependencies '../../../../.shared/.templates/diagnostic.dependencies.bicep' = {
+ scope: resourceGroup
+ name: '${uniqueString(deployment().name, location)}-diagnosticDependencies'
+ params: {
+ storageAccountName: 'dep${namePrefix}diasa${serviceShort}03'
+ logAnalyticsWorkspaceName: 'dep-${namePrefix}-law-${serviceShort}'
+ eventHubNamespaceEventHubName: 'dep-${namePrefix}-evh-${serviceShort}01'
+ eventHubNamespaceName: 'dep-${namePrefix}-evhns-${serviceShort}01'
+ location: location
+ }
+}
+
// ============== //
// Test Execution //
// ============== //
@@ -49,14 +63,35 @@ module testDeployment '../../main.bicep' = {
params: {
enableDefaultTelemetry: enableDefaultTelemetry
name: '${namePrefix}${serviceShort}001'
+ diagnosticStorageAccountId: diagnosticDependencies.outputs.storageAccountResourceId
+ diagnosticWorkspaceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId
+ diagnosticEventHubAuthorizationRuleId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId
+ diagnosticEventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName
// Only for testing purposes
enablePurgeProtection: false
+ enableRbacAuthorization: true
+ networkAcls: {
+ bypass: 'AzureServices'
+ defaultAction: 'Deny'
+ ipRules: [
+ {
+ value: '40.74.28.0/23'
+ }
+ ]
+ virtualNetworkRules: [
+ {
+ id: nestedDependencies.outputs.subnetResourceId
+ ignoreMissingVnetServiceEndpoint: false
+ }
+ ]
+ }
privateEndpoints: [
{
privateDnsZoneGroup: {
privateDNSResourceIds: [
nestedDependencies.outputs.privateDNSResourceId
]
+ privateEndpointName: 'dep-${namePrefix}-pe-${serviceShort}'
}
service: 'vault'
subnetResourceId: nestedDependencies.outputs.subnetResourceId
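Review bot: The new `privateEndpointName: 'dep-${namePrefix}-pe-${serviceShort}'` sits inside the `privateDnsZoneGroup` object, where it looks unused. The private-endpoint module shown in this commit reads only `privateDnsZoneGroup.privateDNSResourceIds` from that object and passes `privateEndpointName: privateEndpoint.name` itself. If the goal was to name the endpoint, the value probably belongs one level up on the `privateEndpoints` entry; the exact key depends on what the vault module forwards, which is outside this hunk. The `dep-` prefix is also what these tests use for dependency resources, while this endpoint is created by the module under test. The `privateEndpoints` array continues past the end of the hunk.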
diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md
index dd7ed9eca4..4ef8894b70 100644
--- a/modules/key-vault/vault/README.md
+++ b/modules/key-vault/vault/README.md
@@ -47,7 +47,7 @@ This module deploys a Key Vault.
| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. |
| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). |
| `enablePurgeProtection` | bool | `True` | | Provide 'true' to enable Key Vault's purge protection feature. |
-| `enableRbacAuthorization` | bool | `False` | | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC. |
+| `enableRbacAuthorization` | bool | `True` | | Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. |
| `enableSoftDelete` | bool | `True` | | Switch to enable/disable Key Vault's soft delete feature. |
| `enableVaultForDeployment` | bool | `True` | | Specifies if the vault is enabled for deployment by script or compute. |
| `enableVaultForDiskEncryption` | bool | `True` | | Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. |
@@ -402,7 +402,7 @@ The following module usage examples are retrieved from the content of the files
>**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.
-
Example 1: Common
+Example 1: Accesspolicies
@@ -410,9 +410,11 @@ The following module usage examples are retrieved from the content of the files
```bicep
module vault './key-vault/vault/main.bicep' = {
- name: '${uniqueString(deployment().name, location)}-test-kvvcom'
+ name: '${uniqueString(deployment().name, location)}-test-kvvap'
params: {
- name: 'kvvcom002'
+ // Required parameters
+ name: 'kvvap002'
+ // Non-required parameters
accessPolicies: [
{
objectId: ''
@@ -423,7 +425,8 @@ module vault './key-vault/vault/main.bicep' = {
'update'
]
secrets: [
- 'all'
+ 'get'
+ 'list'
]
}
tenantId: ''
@@ -437,7 +440,8 @@ module vault './key-vault/vault/main.bicep' = {
'delete'
]
secrets: [
- 'all'
+ 'get'
+ 'list'
]
}
}
@@ -448,7 +452,147 @@ module vault './key-vault/vault/main.bicep' = {
diagnosticWorkspaceId: ''
enableDefaultTelemetry: ''
enablePurgeProtection: false
- enableRbacAuthorization: false
+ networkAcls: {
+ bypass: 'AzureServices'
+ defaultAction: 'Deny'
+ ipRules: [
+ {
+ value: '40.74.28.0/23'
+ }
+ ]
+ virtualNetworkRules: [
+ {
+ id: ''
+ ignoreMissingVnetServiceEndpoint: false
+ }
+ ]
+ }
+ tags: {
+ Environment: 'Non-Prod'
+ 'hidden-title': 'This is visible in the resource name'
+ Role: 'DeploymentValidation'
+ }
+ }
+}
+```
+
+
+
+
+
+
+via JSON Parameter file
+
+```json
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ // Required parameters
+ "name": {
+ "value": "kvvap002"
+ },
+ // Non-required parameters
+ "accessPolicies": {
+ "value": [
+ {
+ "objectId": "",
+ "permissions": {
+ "keys": [
+ "get",
+ "list",
+ "update"
+ ],
+ "secrets": [
+ "get",
+ "list"
+ ]
+ },
+ "tenantId": ""
+ },
+ {
+ "objectId": "",
+ "permissions": {
+ "certificates": [
+ "backup",
+ "create",
+ "delete"
+ ],
+ "secrets": [
+ "get",
+ "list"
+ ]
+ }
+ }
+ ]
+ },
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": ""
+ },
+ "diagnosticEventHubName": {
+ "value": ""
+ },
+ "diagnosticStorageAccountId": {
+ "value": ""
+ },
+ "diagnosticWorkspaceId": {
+ "value": ""
+ },
+ "enableDefaultTelemetry": {
+ "value": ""
+ },
+ "enablePurgeProtection": {
+ "value": false
+ },
+ "networkAcls": {
+ "value": {
+ "bypass": "AzureServices",
+ "defaultAction": "Deny",
+ "ipRules": [
+ {
+ "value": "40.74.28.0/23"
+ }
+ ],
+ "virtualNetworkRules": [
+ {
+ "id": "",
+ "ignoreMissingVnetServiceEndpoint": false
+ }
+ ]
+ }
+ },
+ "tags": {
+ "value": {
+ "Environment": "Non-Prod",
+ "hidden-title": "This is visible in the resource name",
+ "Role": "DeploymentValidation"
+ }
+ }
+ }
+}
+```
+
+
+
+
+
Example 2: Common
+
+
+
+via Bicep module
+
+```bicep
+module vault './key-vault/vault/main.bicep' = {
+ name: '${uniqueString(deployment().name, location)}-test-kvvcom'
+ params: {
+ name: 'kvvcom002'
+ diagnosticEventHubAuthorizationRuleId: ''
+ diagnosticEventHubName: ''
+ diagnosticStorageAccountId: ''
+ diagnosticWorkspaceId: ''
+ enableDefaultTelemetry: ''
+ enablePurgeProtection: false
+ enableRbacAuthorization: true
keys: [
{
attributesExp: 1725109032
@@ -574,37 +718,6 @@ module vault './key-vault/vault/main.bicep' = {
"name": {
"value": "kvvcom002"
},
- "accessPolicies": {
- "value": [
- {
- "objectId": "",
- "permissions": {
- "keys": [
- "get",
- "list",
- "update"
- ],
- "secrets": [
- "all"
- ]
- },
- "tenantId": ""
- },
- {
- "objectId": "",
- "permissions": {
- "certificates": [
- "backup",
- "create",
- "delete"
- ],
- "secrets": [
- "all"
- ]
- }
- }
- ]
- },
"diagnosticEventHubAuthorizationRuleId": {
"value": ""
},
@@ -624,7 +737,7 @@ module vault './key-vault/vault/main.bicep' = {
"value": false
},
"enableRbacAuthorization": {
- "value": false
+ "value": true
},
"keys": {
"value": [
@@ -755,7 +868,7 @@ module vault './key-vault/vault/main.bicep' = {
-
Example 2: Min
+Example 3: Min
@@ -804,7 +917,7 @@ module vault './key-vault/vault/main.bicep' = {
-
Example 3: Pe
+Example 4: Pe
@@ -817,14 +930,35 @@ module vault './key-vault/vault/main.bicep' = {
// Required parameters
name: 'kvvpe001'
// Non-required parameters
+ diagnosticEventHubAuthorizationRuleId: ''
+ diagnosticEventHubName: ''
+ diagnosticStorageAccountId: ''
+ diagnosticWorkspaceId: ''
enableDefaultTelemetry: ''
enablePurgeProtection: false
+ enableRbacAuthorization: true
+ networkAcls: {
+ bypass: 'AzureServices'
+ defaultAction: 'Deny'
+ ipRules: [
+ {
+ value: '40.74.28.0/23'
+ }
+ ]
+ virtualNetworkRules: [
+ {
+ id: ''
+ ignoreMissingVnetServiceEndpoint: false
+ }
+ ]
+ }
privateEndpoints: [
{
privateDnsZoneGroup: {
privateDNSResourceIds: [
''
]
+ privateEndpointName: 'dep-pe-kvvpe'
}
service: 'vault'
subnetResourceId: ''
@@ -861,19 +995,52 @@ module vault './key-vault/vault/main.bicep' = {
"value": "kvvpe001"
},
// Non-required parameters
+ "diagnosticEventHubAuthorizationRuleId": {
+ "value": ""
+ },
+ "diagnosticEventHubName": {
+ "value": ""
+ },
+ "diagnosticStorageAccountId": {
+ "value": ""
+ },
+ "diagnosticWorkspaceId": {
+ "value": ""
+ },
"enableDefaultTelemetry": {
"value": ""
},
"enablePurgeProtection": {
"value": false
},
+ "enableRbacAuthorization": {
+ "value": true
+ },
+ "networkAcls": {
+ "value": {
+ "bypass": "AzureServices",
+ "defaultAction": "Deny",
+ "ipRules": [
+ {
+ "value": "40.74.28.0/23"
+ }
+ ],
+ "virtualNetworkRules": [
+ {
+ "id": "",
+ "ignoreMissingVnetServiceEndpoint": false
+ }
+ ]
+ }
+ },
"privateEndpoints": {
"value": [
{
"privateDnsZoneGroup": {
"privateDNSResourceIds": [
""
- ]
+ ],
+ "privateEndpointName": "dep-pe-kvvpe"
},
"service": "vault",
"subnetResourceId": "",
diff --git a/modules/key-vault/vault/main.bicep b/modules/key-vault/vault/main.bicep
index 20eb584fd3..08892f54ee 100644
--- a/modules/key-vault/vault/main.bicep
+++ b/modules/key-vault/vault/main.bicep
@@ -37,8 +37,8 @@ param enableSoftDelete bool = true
@description('Optional. softDelete data retention days. It accepts >=7 and <=90.')
param softDeleteRetentionInDays int = 90
-@description('Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC.')
-param enableRbacAuthorization bool = false
+@description('Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC.')
+param enableRbacAuthorization bool = true
@description('Optional. The vault\'s create mode to indicate whether the vault need to be recovered or not. - recover or default.')
param createMode string = 'default'
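Review bot: Flipping the default of `enableRbacAuthorization` to `true` changes the authorization model for every caller that relied on the old default, including callers that pass `accessPolicies` and nothing else. On redeploy such a vault would presumably move to RBAC, and identities that hold only access policies would lose data-plane access with no deployment error to flag it. The description should say this at the point of use, e.g. by appending `Set to false when supplying accessPolicies; they have no effect while this is true.` The change also deserves a breaking-change entry in the release notes.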
diff --git a/modules/key-vault/vault/main.json b/modules/key-vault/vault/main.json
index 561b11ccfe..e2d5cace78 100644
--- a/modules/key-vault/vault/main.json
+++ b/modules/key-vault/vault/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "2793046889488207368"
+ "version": "0.21.1.54444",
+ "templateHash": "7677613016975773230"
},
"name": "Key Vaults",
"description": "This module deploys a Key Vault.",
@@ -84,9 +84,9 @@
},
"enableRbacAuthorization": {
"type": "bool",
- "defaultValue": false,
+ "defaultValue": true,
"metadata": {
- "description": "Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored (warning: this is a preview feature). When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. If null or not specified, the vault is created with the default value of false. Note that management actions are always authorized with RBAC."
+ "description": "Optional. Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC."
}
},
"createMode": {
@@ -369,8 +369,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "7542638391604115549"
+ "version": "0.21.1.54444",
+ "templateHash": "10458348557666655329"
},
"name": "Key Vault Access Policies",
"description": "This module deploys a Key Vault Access Policy.",
@@ -504,8 +504,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "3581368535918618501"
+ "version": "0.21.1.54444",
+ "templateHash": "4314059595515029873"
},
"name": "Key Vault Secrets",
"description": "This module deploys a Key Vault Secret.",
@@ -644,8 +644,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "4251680927905962776"
+ "version": "0.21.1.54444",
+ "templateHash": "15814620610091788537"
}
},
"parameters": {
@@ -839,8 +839,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "7510105499462799965"
+ "version": "0.21.1.54444",
+ "templateHash": "13427300513937033652"
},
"name": "Key Vault Keys",
"description": "This module deploys a Key Vault Key.",
@@ -1025,8 +1025,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "3968881335142586299"
+ "version": "0.21.1.54444",
+ "templateHash": "8510219443070850278"
}
},
"parameters": {
@@ -1226,8 +1226,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13560297539192628062"
+ "version": "0.21.1.54444",
+ "templateHash": "17036874096652764314"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -1426,8 +1426,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17831763001460207830"
+ "version": "0.21.1.54444",
+ "templateHash": "2469208411936339153"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -1564,8 +1564,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "11548486149222715894"
+ "version": "0.21.1.54444",
+ "templateHash": "13032708393704093995"
}
},
"parameters": {
@@ -1778,8 +1778,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "18089760146236492183"
+ "version": "0.21.1.54444",
+ "templateHash": "12411629325302614699"
}
},
"parameters": {
@@ -1941,4 +1941,4 @@
"value": "[reference(resourceId('Microsoft.KeyVault/vaults', parameters('name')), '2022-07-01', 'full').location]"
}
}
-}
\ No newline at end of file
+}
diff --git a/modules/network/private-endpoint/main.bicep b/modules/network/private-endpoint/main.bicep
index c43e6c55ef..c47ebca698 100644
--- a/modules/network/private-endpoint/main.bicep
+++ b/modules/network/private-endpoint/main.bicep
@@ -93,7 +93,7 @@ resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-04-01' = {
}
module privateEndpoint_privateDnsZoneGroup 'private-dns-zone-group/main.bicep' = if (!empty(privateDnsZoneGroup)) {
- name: '${uniqueString(deployment().name, location)}-PrivateEndpoint-PrivateDnsZoneGroup'
+ name: '${uniqueString(deployment().name)}-PE-PrivateDnsZoneGroup'
params: {
privateDNSResourceIds: privateDnsZoneGroup.privateDNSResourceIds
privateEndpointName: privateEndpoint.name
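Review bot: The renamed deployment drops `location` from `uniqueString(...)` with no explanation, departing from the `uniqueString(deployment().name, location)` pattern that the other module deployments in this commit use. `uniqueString` returns a fixed-length hash regardless of its inputs, so removing the argument does not shorten the name; only the `PrivateEndpoint` to `PE` change does. If the shortening is about the deployment-name length limit, a comment such as `// Suffix kept short to stay within the ARM deployment name limit` above `name:` would record that, and `location` could stay in the hash for consistency. The module block continues past the end of the hunk.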
diff --git a/modules/network/private-endpoint/main.json b/modules/network/private-endpoint/main.json
index ab7eacf336..ec5e636ac3 100644
--- a/modules/network/private-endpoint/main.json
+++ b/modules/network/private-endpoint/main.json
@@ -4,8 +4,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "13560297539192628062"
+ "version": "0.21.1.54444",
+ "templateHash": "14580007913383558904"
},
"name": "Private Endpoints",
"description": "This module deploys a Private Endpoint.",
@@ -181,7 +181,7 @@
"condition": "[not(empty(parameters('privateDnsZoneGroup')))]",
"type": "Microsoft.Resources/deployments",
"apiVersion": "2022-09-01",
- "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name, parameters('location')))]",
+ "name": "[format('{0}-PE-PrivateDnsZoneGroup', uniqueString(deployment().name))]",
"properties": {
"expressionEvaluationOptions": {
"scope": "inner"
@@ -204,8 +204,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "17831763001460207830"
+ "version": "0.21.1.54444",
+ "templateHash": "2469208411936339153"
},
"name": "Private Endpoint Private DNS Zone Groups",
"description": "This module deploys a Private Endpoint Private DNS Zone Group.",
@@ -342,8 +342,8 @@
"metadata": {
"_generator": {
"name": "bicep",
- "version": "0.20.4.51522",
- "templateHash": "11548486149222715894"
+ "version": "0.21.1.54444",
+ "templateHash": "13032708393704093995"
}
},
"parameters": {