From e82c378c5bc0df2dc05ab6b16caf4d3e5055c908 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sat, 14 Oct 2023 22:16:01 +0200 Subject: [PATCH 1/5] Regenerated first 60 files --- .../.test/common/main.test.bicep | 3 + modules/aad/domain-service/README.md | 353 ++++++++++--- modules/aad/domain-service/main.json | 8 +- .../server/.test/common/main.test.bicep | 3 + .../server/.test/min/main.test.bicep | 3 + modules/analysis-services/server/README.md | 225 +++++++-- modules/analysis-services/server/main.json | 8 +- .../service/.test/common/main.test.bicep | 3 + .../service/.test/min/main.test.bicep | 3 + modules/api-management/service/README.md | 474 +++++++++++++++--- .../service/api-version-set/README.md | 43 +- .../service/api-version-set/main.json | 4 +- modules/api-management/service/api/README.md | 229 +++++++-- modules/api-management/service/api/main.json | 8 +- .../service/api/policy/README.md | 62 ++- .../service/api/policy/main.json | 4 +- .../service/authorization-server/README.md | 170 ++++++- .../service/authorization-server/main.json | 4 +- .../api-management/service/backend/README.md | 119 ++++- .../api-management/service/backend/main.json | 4 +- .../api-management/service/cache/README.md | 73 ++- .../api-management/service/cache/main.json | 4 +- .../service/identity-provider/README.md | 137 ++++- .../service/identity-provider/main.json | 4 +- modules/api-management/service/main.json | 64 +-- .../service/named-value/README.md | 83 ++- .../service/named-value/main.json | 4 +- .../api-management/service/policy/README.md | 54 +- .../api-management/service/policy/main.json | 4 +- .../service/portalsetting/README.md | 47 +- .../service/portalsetting/main.json | 4 +- .../api-management/service/product/README.md | 111 +++- .../service/product/api/README.md | 43 +- .../service/product/api/main.json | 4 +- .../service/product/group/README.md | 43 +- .../service/product/group/main.json | 4 +- .../api-management/service/product/main.json | 12 +- .../service/subscription/README.md | 93 +++- .../service/subscription/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../configuration-store/README.md | 301 ++++++++--- .../configuration-store/key-value/README.md | 65 ++- .../configuration-store/key-value/main.json | 4 +- .../configuration-store/main.json | 24 +- .../.test/common/main.test.bicep | 3 + .../container-app/.test/min/main.test.bicep | 3 + modules/app/container-app/README.md | 371 +++++++++++--- modules/app/container-app/main.json | 8 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/app/managed-environment/README.md | 272 +++++++--- modules/app/managed-environment/main.json | 8 +- .../lock/.test/common/main.test.bicep | 3 + modules/authorization/lock/README.md | 118 +++-- modules/authorization/lock/main.json | 12 +- .../lock/resource-group/README.md | 46 +- .../lock/resource-group/main.json | 4 +- .../authorization/lock/subscription/README.md | 46 +- .../authorization/lock/subscription/main.json | 4 +- .../authorization/policy-assignment/README.md | 266 +++++++--- .../authorization/policy-assignment/main.json | 16 +- .../management-group/README.md | 161 +++++- .../management-group/main.json | 4 +- .../resource-group/README.md | 170 ++++++- .../resource-group/main.json | 4 +- .../policy-assignment/subscription/README.md | 161 +++++- .../policy-assignment/subscription/main.json | 4 +- .../authorization/policy-definition/README.md | 181 +++++-- .../authorization/policy-definition/main.json | 12 +- .../management-group/README.md | 88 +++- .../management-group/main.json | 4 +- .../policy-definition/subscription/README.md | 88 +++- .../policy-definition/subscription/main.json | 4 +- .../authorization/policy-exemption/README.md | 228 ++++++--- .../authorization/policy-exemption/main.json | 16 +- .../management-group/README.md | 116 ++++- .../management-group/main.json | 4 +- .../policy-exemption/resource-group/README.md | 107 +++- .../policy-exemption/resource-group/main.json | 4 +- .../policy-exemption/subscription/README.md | 116 ++++- .../policy-exemption/subscription/main.json | 4 +- .../policy-set-definition/README.md | 178 +++++-- .../policy-set-definition/main.json | 12 +- .../management-group/README.md | 87 +++- .../management-group/main.json | 4 +- .../subscription/README.md | 87 +++- .../subscription/main.json | 4 +- .../authorization/role-assignment/README.md | 201 ++++++-- .../authorization/role-assignment/main.json | 16 +- .../management-group/README.md | 98 +++- .../management-group/main.json | 4 +- .../role-assignment/resource-group/README.md | 98 +++- .../role-assignment/resource-group/main.json | 4 +- .../role-assignment/subscription/README.md | 98 +++- .../role-assignment/subscription/main.json | 4 +- .../authorization/role-definition/README.md | 200 ++++++-- .../authorization/role-definition/main.json | 16 +- .../management-group/README.md | 79 ++- .../management-group/main.json | 4 +- .../role-definition/resource-group/README.md | 97 +++- .../role-definition/resource-group/main.json | 4 +- .../role-definition/subscription/README.md | 97 +++- .../role-definition/subscription/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + .../automation/automation-account/README.md | 380 +++++++++++--- .../automation-account/job-schedule/README.md | 74 ++- .../automation-account/job-schedule/main.json | 4 +- .../automation/automation-account/main.json | 52 +- .../automation-account/module/README.md | 70 ++- .../automation-account/module/main.json | 4 +- .../automation-account/runbook/README.md | 122 ++++- .../automation-account/runbook/main.json | 4 +- .../automation-account/schedule/README.md | 112 ++++- .../automation-account/schedule/main.json | 4 +- .../software-update-configuration/README.md | 324 ++++++++++-- .../software-update-configuration/main.json | 4 +- .../automation-account/variable/README.md | 61 ++- .../automation-account/variable/main.json | 4 +- .../.test/common/main.test.bicep | 3 + .../batch-account/.test/min/main.test.bicep | 3 + modules/batch/batch-account/README.md | 346 ++++++++++--- modules/batch/batch-account/main.json | 16 +- .../.test/common/main.test.bicep | 3 + .../.test/min/main.test.bicep | 3 + modules/cache/redis-enterprise/README.md | 260 +++++++--- .../cache/redis-enterprise/database/README.md | 131 ++++- .../cache/redis-enterprise/database/main.json | 4 +- modules/cache/redis-enterprise/main.json | 24 +- .../cache/redis/.test/common/main.test.bicep | 3 + modules/cache/redis/.test/min/main.test.bicep | 3 + modules/cache/redis/README.md | 369 +++++++++++--- modules/cache/redis/main.json | 20 +- .../cdn/profile/.test/common/main.test.bicep | 3 + modules/cdn/profile/README.md | 222 ++++++-- modules/cdn/profile/afdEndpoint/README.md | 82 ++- .../cdn/profile/afdEndpoint/route/README.md | 146 +++++- modules/cdn/profile/customdomain/README.md | 102 +++- 139 files changed, 7958 insertions(+), 1990 deletions(-) diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index 45310e5723..bc19dc1260 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index fca50dcd19..b668b1ccda 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -4,14 +4,14 @@ This module deploys an Azure Active Directory Domain Services (AADDS). ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -20,81 +20,28 @@ This module deploys an Azure Active Directory Domain Services (AADDS). | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `domainName` | string | The domain name specific to the Azure ADDS service. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `pfxCertificate` | securestring | `''` | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | -| `pfxCertificatePassword` | securestring | `''` | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalRecipients` | array | `[]` | | The email recipient value to receive alerts. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `domainConfigurationType` | string | `'FullySynced'` | `[FullySynced, ResourceTrusting]` | The value is to provide domain configuration type. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `externalAccess` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | -| `filteredSync` | string | `'Enabled'` | | The value is to synchronize scoped users and groups. | -| `kerberosArmoring` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | -| `kerberosRc4Encryption` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable Kerberos requests that use RC4 encryption. | -| `ldaps` | string | `'Enabled'` | `[Disabled, Enabled]` | A flag to determine whether or not Secure LDAP is enabled or disabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Azure ADDS Services. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `name` | string | `[parameters('domainName')]` | | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | -| `notifyDcAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the DC Admins. | -| `notifyGlobalAdmins` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to notify the Global Admins. | -| `ntlmV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using NTLM v1. | -| `replicaSets` | array | `[]` | | Additional replica set for the managed domain. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Enterprise, Premium, Standard]` | The name of the SKU specific to Azure ADDS Services. | -| `syncNtlmPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable synchronized users to use NTLM authentication. | -| `syncOnPremPasswords` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable on-premises users to authenticate against managed domain. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tlsV1` | string | `'Enabled'` | `[Disabled, Enabled]` | The value is to enable clients making request using TLSv1. | +## Usage examples +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). | -| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. | -| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/aad.domain-service:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Common

via Bicep module ```bicep -module domainService './aad/domain-service/main.bicep' = { +module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aaddscom' params: { // Required parameters @@ -203,6 +150,282 @@ module domainService './aad/domain-service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`domainName`](#parameter-domainname) | string | The domain name specific to the Azure ADDS service. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`pfxCertificate`](#parameter-pfxcertificate) | securestring | The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. | +| [`pfxCertificatePassword`](#parameter-pfxcertificatepassword) | securestring | The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalRecipients`](#parameter-additionalrecipients) | array | The email recipient value to receive alerts. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`domainConfigurationType`](#parameter-domainconfigurationtype) | string | The value is to provide domain configuration type. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`externalAccess`](#parameter-externalaccess) | string | The value is to enable the Secure LDAP for external services of Azure ADDS Services. | +| [`filteredSync`](#parameter-filteredsync) | string | The value is to synchronize scoped users and groups. | +| [`kerberosArmoring`](#parameter-kerberosarmoring) | string | The value is to enable to provide a protected channel between the Kerberos client and the KDC. | +| [`kerberosRc4Encryption`](#parameter-kerberosrc4encryption) | string | The value is to enable Kerberos requests that use RC4 encryption. | +| [`ldaps`](#parameter-ldaps) | string | A flag to determine whether or not Secure LDAP is enabled or disabled. | +| [`location`](#parameter-location) | string | The location to deploy the Azure ADDS Services. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`name`](#parameter-name) | string | The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. | +| [`notifyDcAdmins`](#parameter-notifydcadmins) | string | The value is to notify the DC Admins. | +| [`notifyGlobalAdmins`](#parameter-notifyglobaladmins) | string | The value is to notify the Global Admins. | +| [`ntlmV1`](#parameter-ntlmv1) | string | The value is to enable clients making request using NTLM v1. | +| [`replicaSets`](#parameter-replicasets) | array | Additional replica set for the managed domain. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The name of the SKU specific to Azure ADDS Services. | +| [`syncNtlmPasswords`](#parameter-syncntlmpasswords) | string | The value is to enable synchronized users to use NTLM authentication. | +| [`syncOnPremPasswords`](#parameter-synconprempasswords) | string | The value is to enable on-premises users to authenticate against managed domain. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tlsV1`](#parameter-tlsv1) | string | The value is to enable clients making request using TLSv1. | + +### Parameter: `additionalRecipients` + +The email recipient value to receive alerts. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', AccountLogon, AccountManagement, allLogs, DetailTracking, DirectoryServiceAccess, LogonLogoff, ObjectAccess, PolicyChange, PrivilegeUse, SystemSecurity]` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `domainConfigurationType` + +The value is to provide domain configuration type. +- Required: No +- Type: string +- Default: `'FullySynced'` +- Allowed: `[FullySynced, ResourceTrusting]` + +### Parameter: `domainName` + +The domain name specific to the Azure ADDS service. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `externalAccess` + +The value is to enable the Secure LDAP for external services of Azure ADDS Services. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `filteredSync` + +The value is to synchronize scoped users and groups. +- Required: No +- Type: string +- Default: `'Enabled'` + +### Parameter: `kerberosArmoring` + +The value is to enable to provide a protected channel between the Kerberos client and the KDC. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `kerberosRc4Encryption` + +The value is to enable Kerberos requests that use RC4 encryption. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ldaps` + +A flag to determine whether or not Secure LDAP is enabled or disabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +The location to deploy the Azure ADDS Services. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. +- Required: No +- Type: string +- Default: `[parameters('domainName')]` + +### Parameter: `notifyDcAdmins` + +The value is to notify the DC Admins. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `notifyGlobalAdmins` + +The value is to notify the Global Admins. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `ntlmV1` + +The value is to enable clients making request using NTLM v1. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `pfxCertificate` + +The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `pfxCertificatePassword` + +The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `replicaSets` + +Additional replica set for the managed domain. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The name of the SKU specific to Azure ADDS Services. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Enterprise, Premium, Standard]` + +### Parameter: `syncNtlmPasswords` + +The value is to enable synchronized users to use NTLM authentication. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `syncOnPremPasswords` + +The value is to enable on-premises users to authenticate against managed domain. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tlsV1` + +The value is to enable clients making request using TLSv1. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The domain name of the Azure Active Directory Domain Services(Azure ADDS). | +| `resourceGroupName` | string | The name of the resource group the Azure Active Directory Domain Services(Azure ADDS) was created in. | +| `resourceId` | string | The resource ID of the Azure Active Directory Domain Services(Azure ADDS). | + +## Cross-referenced modules + +_None_ + ## Notes ### Network Security Group (NSG) requirements for AADDS diff --git a/modules/aad/domain-service/main.json b/modules/aad/domain-service/main.json index 3070f9df0a..0f206dd1ce 100644 --- a/modules/aad/domain-service/main.json +++ b/modules/aad/domain-service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5043907679276521852" + "version": "0.22.6.54827", + "templateHash": "10694057578652449276" }, "name": "Azure Active Directory Domain Services", "description": "This module deploys an Azure Active Directory Domain Services (AADDS).", @@ -410,8 +410,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4015790044658504688" + "version": "0.22.6.54827", + "templateHash": "4984019978971427023" } }, "parameters": { diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep index 0dcc74191b..8eeb6518dd 100644 --- a/modules/analysis-services/server/.test/common/main.test.bicep +++ b/modules/analysis-services/server/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/analysis-services/server/.test/min/main.test.bicep b/modules/analysis-services/server/.test/min/main.test.bicep index 3c210ec288..3d2c998523 100644 --- a/modules/analysis-services/server/.test/min/main.test.bicep +++ b/modules/analysis-services/server/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 02f71b089c..979b23fe72 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -5,10 +5,10 @@ This module deploys an Analysis Services Server. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -19,63 +19,30 @@ This module deploys an Analysis Services Server. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Azure Analysis Services server to create. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Engine, Service]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `firewallSettings` | object | `{object}` | | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuCapacity` | int | `1` | | The total number of query replica scale-out instances. | -| `skuName` | string | `'S0'` | | The SKU name of the Azure Analysis Services server to create. | -| `tags` | object | `{object}` | | Tags of the resource. | - - -## Outputs +## Usage examples -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the analysis service. | -| `resourceGroupName` | string | The resource group the analysis service was deployed into. | -| `resourceId` | string | The resource ID of the analysis service. | +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/analysis-services.server:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Max](#example-2-max) +- [Using Maximum Parameters](#example-3-using-maximum-parameters) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Common

via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-asscom' params: { // Required parameters @@ -169,14 +136,14 @@ module server './analysis-services/server/main.bicep' = {

-

Example 2: Max

+### Example 2: _Max_
via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name)}-test-assmax' params: { // Required parameters @@ -302,14 +269,17 @@ module server './analysis-services/server/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module server './analysis-services/server/main.bicep' = { +module server 'br:bicep/modules/analysis-services.server:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-assmin' params: { // Required parameters @@ -346,3 +316,160 @@ module server './analysis-services/server/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Azure Analysis Services server to create. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`firewallSettings`](#parameter-firewallsettings) | object | The inbound firewall rules to define on the server. If not specified, firewall is disabled. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuCapacity`](#parameter-skucapacity) | int | The total number of query replica scale-out instances. | +| [`skuName`](#parameter-skuname) | string | The SKU name of the Azure Analysis Services server to create. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Engine, Service]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `firewallSettings` + +The inbound firewall rules to define on the server. If not specified, firewall is disabled. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the Azure Analysis Services server to create. +- Required: Yes +- Type: string + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuCapacity` + +The total number of query replica scale-out instances. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The SKU name of the Azure Analysis Services server to create. +- Required: No +- Type: string +- Default: `'S0'` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the analysis service. | +| `resourceGroupName` | string | The resource group the analysis service was deployed into. | +| `resourceId` | string | The resource ID of the analysis service. | + +## Cross-referenced modules + +_None_ diff --git a/modules/analysis-services/server/main.json b/modules/analysis-services/server/main.json index c54bb4c44b..9855c786cd 100644 --- a/modules/analysis-services/server/main.json +++ b/modules/analysis-services/server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1234109873215342159" + "version": "0.22.6.54827", + "templateHash": "5443858044342002150" }, "name": "Analysis Services Servers", "description": "This module deploys an Analysis Services Server.", @@ -268,8 +268,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5938154849701330874" + "version": "0.22.6.54827", + "templateHash": "7231657665941581698" } }, "parameters": { diff --git a/modules/api-management/service/.test/common/main.test.bicep b/modules/api-management/service/.test/common/main.test.bicep index 7431d43d99..0a923c3d3c 100644 --- a/modules/api-management/service/.test/common/main.test.bicep +++ b/modules/api-management/service/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/api-management/service/.test/min/main.test.bicep b/modules/api-management/service/.test/min/main.test.bicep index b45bd98469..7c8a6f9a26 100644 --- a/modules/api-management/service/.test/min/main.test.bicep +++ b/modules/api-management/service/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index d9d56c5b77..140a3c756e 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -4,14 +4,14 @@ This module deploys an API Management Service. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -34,91 +34,30 @@ This module deploys an API Management Service. | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | | `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the API Management service. | -| `publisherEmail` | string | The email address of the owner of the service. | -| `publisherName` | string | The name of the owner of the service. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `additionalLocations` | array | `[]` | | Additional datacenter locations of the API Management service. | -| `apis` | array | `[]` | | APIs. | -| `apiVersionSets` | array | `[]` | | API Version Sets. | -| `authorizationServers` | secureObject | `{object}` | | Authorization servers. | -| `backends` | array | `[]` | | Backends. | -| `caches` | array | `[]` | | Caches. | -| `certificates` | array | `[]` | | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | -| `customProperties` | object | `{object}` | | Custom properties of the API Management service. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, GatewayLogs]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableGateway` | bool | `False` | | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | -| `enableClientCertificate` | bool | `False` | | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `hostnameConfigurations` | array | `[]` | | Custom hostname configuration of the API Management service. | -| `identityProviders` | array | `[]` | | Identity providers. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minApiVersion` | string | `''` | | Limit control plane API calls to API Management service with version equal to or newer than this value. | -| `namedValues` | array | `[]` | | Named values. | -| `newGuidValue` | string | `[newGuid()]` | | Necessary to create a new GUID. | -| `notificationSenderEmail` | string | `'apimgmt-noreply@mail.windowsazure.com'` | | The notification sender email address for the service. | -| `policies` | array | `[]` | | Policies. | -| `portalsettings` | array | `[]` | | Portal settings. | -| `products` | array | `[]` | | Products. | -| `restore` | bool | `False` | | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Developer'` | `[Basic, Consumption, Developer, Premium, Standard]` | The pricing tier of this API Management service. | -| `skuCount` | int | `1` | `[1, 2]` | The instance size of this API Management service. | -| `subnetResourceId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | -| `subscriptions` | array | `[]` | | Subscriptions. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `virtualNetworkType` | string | `'None'` | `[External, Internal, None]` | The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | -| `zones` | array | `[]` | | A list of availability zones denoting where the resource needs to come from. | +## Usage examples +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the API management service. | -| `resourceGroupName` | string | The resource group the API management service was deployed into. | -| `resourceId` | string | The resource ID of the API management service. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/api-management.service:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Max](#example-2-max) +- [Using Maximum Parameters](#example-3-using-maximum-parameters) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Common

via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apiscom' params: { // Required parameters @@ -252,14 +191,14 @@ module service './api-management/service/main.bicep' = {

-

Example 2: Max

+### Example 2: _Max_
via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apismax' params: { // Required parameters @@ -601,14 +540,17 @@ module service './api-management/service/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module service './api-management/service/main.bicep' = { +module service 'br:bicep/modules/api-management.service:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apismin' params: { // Required parameters @@ -655,6 +597,380 @@ module service './api-management/service/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the API Management service. | +| [`publisherEmail`](#parameter-publisheremail) | string | The email address of the owner of the service. | +| [`publisherName`](#parameter-publishername) | string | The name of the owner of the service. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`additionalLocations`](#parameter-additionallocations) | array | Additional datacenter locations of the API Management service. | +| [`apis`](#parameter-apis) | array | APIs. | +| [`apiVersionSets`](#parameter-apiversionsets) | array | API Version Sets. | +| [`authorizationServers`](#parameter-authorizationservers) | secureObject | Authorization servers. | +| [`backends`](#parameter-backends) | array | Backends. | +| [`caches`](#parameter-caches) | array | Caches. | +| [`certificates`](#parameter-certificates) | array | List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. | +| [`customProperties`](#parameter-customproperties) | object | Custom properties of the API Management service. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableGateway`](#parameter-disablegateway) | bool | Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. | +| [`enableClientCertificate`](#parameter-enableclientcertificate) | bool | Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`hostnameConfigurations`](#parameter-hostnameconfigurations) | array | Custom hostname configuration of the API Management service. | +| [`identityProviders`](#parameter-identityproviders) | array | Identity providers. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minApiVersion`](#parameter-minapiversion) | string | Limit control plane API calls to API Management service with version equal to or newer than this value. | +| [`namedValues`](#parameter-namedvalues) | array | Named values. | +| [`newGuidValue`](#parameter-newguidvalue) | string | Necessary to create a new GUID. | +| [`notificationSenderEmail`](#parameter-notificationsenderemail) | string | The notification sender email address for the service. | +| [`policies`](#parameter-policies) | array | Policies. | +| [`portalsettings`](#parameter-portalsettings) | array | Portal settings. | +| [`products`](#parameter-products) | array | Products. | +| [`restore`](#parameter-restore) | bool | Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | The pricing tier of this API Management service. | +| [`skuCount`](#parameter-skucount) | int | The instance size of this API Management service. | +| [`subnetResourceId`](#parameter-subnetresourceid) | string | The full resource ID of a subnet in a virtual network to deploy the API Management service in. | +| [`subscriptions`](#parameter-subscriptions) | array | Subscriptions. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`virtualNetworkType`](#parameter-virtualnetworktype) | string | The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | +| [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | + +### Parameter: `additionalLocations` + +Additional datacenter locations of the API Management service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apis` + +APIs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiVersionSets` + +API Version Sets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authorizationServers` + +Authorization servers. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `backends` + +Backends. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `caches` + +Caches. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `certificates` + +List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customProperties` + +Custom properties of the API Management service. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, GatewayLogs]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableGateway` + +Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableClientCertificate` + +Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hostnameConfigurations` + +Custom hostname configuration of the API Management service. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `identityProviders` + +Identity providers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minApiVersion` + +Limit control plane API calls to API Management service with version equal to or newer than this value. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `name` + +The name of the API Management service. +- Required: Yes +- Type: string + +### Parameter: `namedValues` + +Named values. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `newGuidValue` + +Necessary to create a new GUID. +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `notificationSenderEmail` + +The notification sender email address for the service. +- Required: No +- Type: string +- Default: `'apimgmt-noreply@mail.windowsazure.com'` + +### Parameter: `policies` + +Policies. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `portalsettings` + +Portal settings. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `products` + +Products. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publisherEmail` + +The email address of the owner of the service. +- Required: Yes +- Type: string + +### Parameter: `publisherName` + +The name of the owner of the service. +- Required: Yes +- Type: string + +### Parameter: `restore` + +Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier of this API Management service. +- Required: No +- Type: string +- Default: `'Developer'` +- Allowed: `[Basic, Consumption, Developer, Premium, Standard]` + +### Parameter: `skuCount` + +The instance size of this API Management service. +- Required: No +- Type: int +- Default: `1` +- Allowed: `[1, 2]` + +### Parameter: `subnetResourceId` + +The full resource ID of a subnet in a virtual network to deploy the API Management service in. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptions` + +Subscriptions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `virtualNetworkType` + +The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. +- Required: No +- Type: string +- Default: `'None'` +- Allowed: `[External, Internal, None]` + +### Parameter: `zones` + +A list of availability zones denoting where the resource needs to come from. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the API management service. | +| `resourceGroupName` | string | The resource group the API management service was deployed into. | +| `resourceId` | string | The resource ID of the API management service. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `apiManagementServicePolicy` diff --git a/modules/api-management/service/api-version-set/README.md b/modules/api-management/service/api-version-set/README.md index 675ca80d79..3be54ecd44 100644 --- a/modules/api-management/service/api-version-set/README.md +++ b/modules/api-management/service/api-version-set/README.md @@ -19,22 +19,49 @@ This module deploys an API Management Service API Version Set. **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `'default'` | API Version set name. | -| `properties` | object | `{object}` | API Version set properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | API Version set name. | +| [`properties`](#parameter-properties) | object | API Version set properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +API Version set name. +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `properties` + +API Version set properties. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API Version set. | | `resourceGroupName` | string | The resource group the API Version set was deployed into. | diff --git a/modules/api-management/service/api-version-set/main.json b/modules/api-management/service/api-version-set/main.json index f09d56ff92..1f27892ce2 100644 --- a/modules/api-management/service/api-version-set/main.json +++ b/modules/api-management/service/api-version-set/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9352626903654043411" + "version": "0.22.6.54827", + "templateHash": "12233980723609740158" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", diff --git a/modules/api-management/service/api/README.md b/modules/api-management/service/api/README.md index 2390fc6a17..a9cd300c66 100644 --- a/modules/api-management/service/api/README.md +++ b/modules/api-management/service/api/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service API. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -20,47 +20,214 @@ This module deploys an API Management Service API. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `displayName` | string | API name. Must be 1 to 300 characters long. | -| `name` | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | -| `path` | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | +| [`displayName`](#parameter-displayname) | string | API name. Must be 1 to 300 characters long. | +| [`name`](#parameter-name) | string | API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. | +| [`path`](#parameter-path) | string | Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `apiDescription` | string | `''` | | Description of the API. May include HTML formatting tags. | -| `apiRevision` | string | `''` | | Describes the Revision of the API. If no value is provided, default revision 1 is created. | -| `apiRevisionDescription` | string | `''` | | Description of the API Revision. | -| `apiType` | string | `'http'` | `[graphql, http, soap, websocket]` | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | -| `apiVersion` | string | `''` | | Indicates the Version identifier of the API if the API is versioned. | -| `apiVersionDescription` | string | `''` | | Description of the API Version. | -| `apiVersionSetId` | string | `''` | | Indicates the Version identifier of the API version set. | -| `authenticationSettings` | object | `{object}` | | Collection of authentication settings included into this API. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'openapi'` | `[openapi, openapi-link, openapi+json, openapi+json-link, swagger-json, swagger-link-json, wadl-link-json, wadl-xml, wsdl, wsdl-link]` | Format of the Content in which the API is getting imported. | -| `isCurrent` | bool | `True` | | Indicates if API revision is current API revision. | -| `policies` | array | `[]` | | Array of Policies to apply to the Service API. | -| `protocols` | array | `[https]` | | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. | -| `serviceUrl` | string | `''` | | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | -| `sourceApiId` | string | `''` | | API identifier of the source API. | -| `subscriptionKeyParameterNames` | object | `{object}` | | Protocols over which API is made available. | -| `subscriptionRequired` | bool | `False` | | Specifies whether an API or Product subscription is required for accessing the API. | -| `type` | string | `'http'` | `[graphql, http, soap, websocket]` | Type of API. | -| `value` | string | `''` | | Content value when Importing an API. | -| `wsdlSelector` | object | `{object}` | | Criteria to limit import of WSDL to a subset of the document. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiDescription`](#parameter-apidescription) | string | Description of the API. May include HTML formatting tags. | +| [`apiRevision`](#parameter-apirevision) | string | Describes the Revision of the API. If no value is provided, default revision 1 is created. | +| [`apiRevisionDescription`](#parameter-apirevisiondescription) | string | Description of the API Revision. | +| [`apiType`](#parameter-apitype) | string | Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. | +| [`apiVersion`](#parameter-apiversion) | string | Indicates the Version identifier of the API if the API is versioned. | +| [`apiVersionDescription`](#parameter-apiversiondescription) | string | Description of the API Version. | +| [`apiVersionSetId`](#parameter-apiversionsetid) | string | Indicates the Version identifier of the API version set. | +| [`authenticationSettings`](#parameter-authenticationsettings) | object | Collection of authentication settings included into this API. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the Content in which the API is getting imported. | +| [`isCurrent`](#parameter-iscurrent) | bool | Indicates if API revision is current API revision. | +| [`policies`](#parameter-policies) | array | Array of Policies to apply to the Service API. | +| [`protocols`](#parameter-protocols) | array | Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. | +| [`serviceUrl`](#parameter-serviceurl) | string | Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. | +| [`sourceApiId`](#parameter-sourceapiid) | string | API identifier of the source API. | +| [`subscriptionKeyParameterNames`](#parameter-subscriptionkeyparameternames) | object | Protocols over which API is made available. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Specifies whether an API or Product subscription is required for accessing the API. | +| [`type`](#parameter-type) | string | Type of API. | +| [`value`](#parameter-value) | string | Content value when Importing an API. | +| [`wsdlSelector`](#parameter-wsdlselector) | object | Criteria to limit import of WSDL to a subset of the document. | + +### Parameter: `apiDescription` + +Description of the API. May include HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apiRevision` + +Describes the Revision of the API. If no value is provided, default revision 1 is created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiRevisionDescription` + +Description of the API Revision. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiType` + +Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. +- Required: No +- Type: string +- Default: `'http'` +- Allowed: `[graphql, http, soap, websocket]` + +### Parameter: `apiVersion` + +Indicates the Version identifier of the API if the API is versioned. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiVersionDescription` + +Description of the API Version. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `apiVersionSetId` + +Indicates the Version identifier of the API version set. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `authenticationSettings` + +Collection of authentication settings included into this API. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `displayName` + +API name. Must be 1 to 300 characters long. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the Content in which the API is getting imported. +- Required: No +- Type: string +- Default: `'openapi'` +- Allowed: `[openapi, openapi-link, openapi+json, openapi+json-link, swagger-json, swagger-link-json, wadl-link-json, wadl-xml, wsdl, wsdl-link]` + +### Parameter: `isCurrent` + +Indicates if API revision is current API revision. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. +- Required: Yes +- Type: string + +### Parameter: `path` + +Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. +- Required: Yes +- Type: string + +### Parameter: `policies` + +Array of Policies to apply to the Service API. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `protocols` + +Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. +- Required: No +- Type: array +- Default: `[https]` + +### Parameter: `serviceUrl` + +Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceApiId` + +API identifier of the source API. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionKeyParameterNames` + +Protocols over which API is made available. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `subscriptionRequired` + +Specifies whether an API or Product subscription is required for accessing the API. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `type` + +Type of API. +- Required: No +- Type: string +- Default: `'http'` +- Allowed: `[graphql, http, soap, websocket]` + +### Parameter: `value` + +Content value when Importing an API. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `wsdlSelector` + +Criteria to limit import of WSDL to a subset of the document. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service API. | | `resourceGroupName` | string | The resource group the API management service API was deployed to. | diff --git a/modules/api-management/service/api/main.json b/modules/api-management/service/api/main.json index 08c998bf80..f150d2bcb8 100644 --- a/modules/api-management/service/api/main.json +++ b/modules/api-management/service/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9074052005199170712" + "version": "0.22.6.54827", + "templateHash": "17340528539230351720" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -284,8 +284,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5031714372762112092" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/modules/api-management/service/api/policy/README.md b/modules/api-management/service/api/policy/README.md index 3696e336ba..969678d876 100644 --- a/modules/api-management/service/api/policy/README.md +++ b/modules/api-management/service/api/policy/README.md @@ -19,29 +19,69 @@ This module deploys an API Management Service API Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `value` | string | Contents of the Policy as defined by the format. | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `apiName` | string | The name of the parent API. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiName`](#parameter-apiname) | string | The name of the parent API. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'xml'` | `[rawxml, rawxml-link, xml, xml-link]` | Format of the policyContent. | -| `name` | string | `'policy'` | | The name of the policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apiName` + +The name of the parent API. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the policyContent. +- Required: No +- Type: string +- Default: `'xml'` +- Allowed: `[rawxml, rawxml-link, xml, xml-link]` + +### Parameter: `name` + +The name of the policy. +- Required: No +- Type: string +- Default: `'policy'` + +### Parameter: `value` + +Contents of the Policy as defined by the format. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API policy. | | `resourceGroupName` | string | The resource group the API policy was deployed into. | diff --git a/modules/api-management/service/api/policy/main.json b/modules/api-management/service/api/policy/main.json index 76457b0c2f..02322fa340 100644 --- a/modules/api-management/service/api/policy/main.json +++ b/modules/api-management/service/api/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5031714372762112092" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", diff --git a/modules/api-management/service/authorization-server/README.md b/modules/api-management/service/authorization-server/README.md index a875ea1259..f10abac911 100644 --- a/modules/api-management/service/authorization-server/README.md +++ b/modules/api-management/service/authorization-server/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Authorization Server. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -19,41 +19,161 @@ This module deploys an API Management Service Authorization Server. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `authorizationEndpoint` | string | OAuth authorization endpoint. See . | -| `clientId` | securestring | Client or app ID registered with this authorization server. | -| `clientSecret` | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | -| `grantTypes` | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | -| `name` | string | Identifier of the authorization server. | +| [`authorizationEndpoint`](#parameter-authorizationendpoint) | string | OAuth authorization endpoint. See . | +| [`clientId`](#parameter-clientid) | securestring | Client or app ID registered with this authorization server. | +| [`clientSecret`](#parameter-clientsecret) | securestring | Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | +| [`grantTypes`](#parameter-granttypes) | array | Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. | +| [`name`](#parameter-name) | string | Identifier of the authorization server. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `authorizationMethods` | array | `[GET]` | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. | -| `bearerTokenSendingMethods` | array | `[authorizationHeader]` | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. | -| `clientAuthenticationMethod` | array | `[Basic]` | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. | -| `clientRegistrationEndpoint` | string | `''` | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | -| `defaultScope` | string | `''` | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `resourceOwnerPassword` | string | `''` | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | -| `resourceOwnerUsername` | string | `''` | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | -| `serverDescription` | string | `''` | Description of the authorization server. Can contain HTML formatting tags. | -| `supportState` | bool | `False` | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | -| `tokenBodyParameters` | array | `[]` | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | -| `tokenEndpoint` | string | `''` | OAuth token endpoint. Contains absolute URI to entity being referenced. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`authorizationMethods`](#parameter-authorizationmethods) | array | HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. | +| [`bearerTokenSendingMethods`](#parameter-bearertokensendingmethods) | array | Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. | +| [`clientAuthenticationMethod`](#parameter-clientauthenticationmethod) | array | Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. | +| [`clientRegistrationEndpoint`](#parameter-clientregistrationendpoint) | string | Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. | +| [`defaultScope`](#parameter-defaultscope) | string | Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`resourceOwnerPassword`](#parameter-resourceownerpassword) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. | +| [`resourceOwnerUsername`](#parameter-resourceownerusername) | string | Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. | +| [`serverDescription`](#parameter-serverdescription) | string | Description of the authorization server. Can contain HTML formatting tags. | +| [`supportState`](#parameter-supportstate) | bool | If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. | +| [`tokenBodyParameters`](#parameter-tokenbodyparameters) | array | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | +| [`tokenEndpoint`](#parameter-tokenendpoint) | string | OAuth token endpoint. Contains absolute URI to entity being referenced. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authorizationEndpoint` + +OAuth authorization endpoint. See . +- Required: Yes +- Type: string + +### Parameter: `authorizationMethods` + +HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. +- Required: No +- Type: array +- Default: `[GET]` + +### Parameter: `bearerTokenSendingMethods` + +Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. +- Required: No +- Type: array +- Default: `[authorizationHeader]` + +### Parameter: `clientAuthenticationMethod` + +Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. +- Required: No +- Type: array +- Default: `[Basic]` + +### Parameter: `clientId` + +Client or app ID registered with this authorization server. +- Required: Yes +- Type: securestring + +### Parameter: `clientRegistrationEndpoint` + +Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientSecret` + +Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. +- Required: Yes +- Type: securestring + +### Parameter: `defaultScope` + +Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `grantTypes` + +Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. +- Required: Yes +- Type: array + +### Parameter: `name` + +Identifier of the authorization server. +- Required: Yes +- Type: string + +### Parameter: `resourceOwnerPassword` + +Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceOwnerUsername` + +Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serverDescription` + +Description of the authorization server. Can contain HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `supportState` + +If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tokenBodyParameters` + +Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tokenEndpoint` + +OAuth token endpoint. Contains absolute URI to entity being referenced. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service authorization server. | | `resourceGroupName` | string | The resource group the API management service authorization server was deployed into. | diff --git a/modules/api-management/service/authorization-server/main.json b/modules/api-management/service/authorization-server/main.json index d956cf25f5..09fc98f3c1 100644 --- a/modules/api-management/service/authorization-server/main.json +++ b/modules/api-management/service/authorization-server/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8155815469027179886" + "version": "0.22.6.54827", + "templateHash": "7988688467600216709" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", diff --git a/modules/api-management/service/backend/README.md b/modules/api-management/service/backend/README.md index 90025fec0f..a94b3f65e9 100644 --- a/modules/api-management/service/backend/README.md +++ b/modules/api-management/service/backend/README.md @@ -4,13 +4,13 @@ This module deploys an API Management Service Backend. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -20,35 +20,116 @@ This module deploys an API Management Service Backend. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Backend Name. | -| `url` | string | Runtime URL of the Backend. | +| [`name`](#parameter-name) | string | Backend Name. | +| [`url`](#parameter-url) | string | Runtime URL of the Backend. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `credentials` | object | `{object}` | Backend Credentials Contract Properties. | -| `description` | string | `''` | Backend Description. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `protocol` | string | `'http'` | Backend communication protocol. - http or soap. | -| `proxy` | object | `{object}` | Backend Proxy Contract Properties. | -| `resourceId` | string | `''` | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | -| `serviceFabricCluster` | object | `{object}` | Backend Service Fabric Cluster Properties. | -| `title` | string | `''` | Backend Title. | -| `tls` | object | `{object}` | Backend TLS Properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`credentials`](#parameter-credentials) | object | Backend Credentials Contract Properties. | +| [`description`](#parameter-description) | string | Backend Description. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`protocol`](#parameter-protocol) | string | Backend communication protocol. - http or soap. | +| [`proxy`](#parameter-proxy) | object | Backend Proxy Contract Properties. | +| [`resourceId`](#parameter-resourceid) | string | Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. | +| [`serviceFabricCluster`](#parameter-servicefabriccluster) | object | Backend Service Fabric Cluster Properties. | +| [`title`](#parameter-title) | string | Backend Title. | +| [`tls`](#parameter-tls) | object | Backend TLS Properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `credentials` + +Backend Credentials Contract Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `description` + +Backend Description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Backend Name. +- Required: Yes +- Type: string + +### Parameter: `protocol` + +Backend communication protocol. - http or soap. +- Required: No +- Type: string +- Default: `'http'` + +### Parameter: `proxy` + +Backend Proxy Contract Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `resourceId` + +Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `serviceFabricCluster` + +Backend Service Fabric Cluster Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `title` + +Backend Title. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tls` + +Backend TLS Properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `url` + +Runtime URL of the Backend. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service backend. | | `resourceGroupName` | string | The resource group the API management service backend was deployed into. | diff --git a/modules/api-management/service/backend/main.json b/modules/api-management/service/backend/main.json index 17c351e22a..e10f1c81ee 100644 --- a/modules/api-management/service/backend/main.json +++ b/modules/api-management/service/backend/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1669725941639871055" + "version": "0.22.6.54827", + "templateHash": "3713166604792624713" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", diff --git a/modules/api-management/service/cache/README.md b/modules/api-management/service/cache/README.md index d6c9712e8e..3bc84b82c2 100644 --- a/modules/api-management/service/cache/README.md +++ b/modules/api-management/service/cache/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Cache. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -19,30 +19,75 @@ This module deploys an API Management Service Cache. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `connectionString` | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | -| `name` | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | -| `useFromLocation` | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | +| [`connectionString`](#parameter-connectionstring) | string | Runtime connection string to cache. Can be referenced by a named value like so, {{}}. | +| [`name`](#parameter-name) | string | Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). | +| [`useFromLocation`](#parameter-usefromlocation) | string | Location identifier to use cache from (should be either 'default' or valid Azure region identifier). | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | Cache description. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `resourceId` | string | `''` | Original uri of entity in external system cache points to. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | Cache description. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`resourceId`](#parameter-resourceid) | string | Original uri of entity in external system cache points to. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `connectionString` + +Runtime connection string to cache. Can be referenced by a named value like so, {{}}. +- Required: Yes +- Type: string + +### Parameter: `description` + +Cache description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +Original uri of entity in external system cache points to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `useFromLocation` + +Location identifier to use cache from (should be either 'default' or valid Azure region identifier). +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service cache. | | `resourceGroupName` | string | The resource group the API management service cache was deployed into. | diff --git a/modules/api-management/service/cache/main.json b/modules/api-management/service/cache/main.json index 662943675f..80972f2881 100644 --- a/modules/api-management/service/cache/main.json +++ b/modules/api-management/service/cache/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17031319637382778576" + "version": "0.22.6.54827", + "templateHash": "4933923478377534151" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", diff --git a/modules/api-management/service/identity-provider/README.md b/modules/api-management/service/identity-provider/README.md index ee17802cdf..9246273650 100644 --- a/modules/api-management/service/identity-provider/README.md +++ b/modules/api-management/service/identity-provider/README.md @@ -19,37 +19,134 @@ This module deploys an API Management Service Identity Provider. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Identity provider name. | +| [`name`](#parameter-name) | string | Identity provider name. | **Conditional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `apiManagementServiceName` | string | | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `clientId` | string | `''` | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | -| `clientSecret` | securestring | `''` | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`clientId`](#parameter-clientid) | string | Client ID of the Application in the external Identity Provider. Required if identity provider is used. | +| [`clientSecret`](#parameter-clientsecret) | securestring | Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedTenants` | array | `[]` | | List of Allowed Tenants when configuring Azure Active Directory login. - string. | -| `authority` | string | `''` | | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableIdentityProviders` | bool | `False` | | Used to enable the deployment of the identityProviders child resource. | -| `passwordResetPolicyName` | string | `''` | | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. | -| `profileEditingPolicyName` | string | `''` | | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. | -| `signInPolicyName` | string | `''` | | Signin Policy Name. Only applies to AAD B2C Identity Provider. | -| `signInTenant` | string | `''` | | The TenantId to use instead of Common when logging into Active Directory. | -| `signUpPolicyName` | string | `''` | | Signup Policy Name. Only applies to AAD B2C Identity Provider. | -| `type` | string | `'aad'` | `[aad, aadB2C, facebook, google, microsoft, twitter]` | Identity Provider Type identifier. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedTenants`](#parameter-allowedtenants) | array | List of Allowed Tenants when configuring Azure Active Directory login. - string. | +| [`authority`](#parameter-authority) | string | OpenID Connect discovery endpoint hostname for AAD or AAD B2C. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableIdentityProviders`](#parameter-enableidentityproviders) | bool | Used to enable the deployment of the identityProviders child resource. | +| [`passwordResetPolicyName`](#parameter-passwordresetpolicyname) | string | Password Reset Policy Name. Only applies to AAD B2C Identity Provider. | +| [`profileEditingPolicyName`](#parameter-profileeditingpolicyname) | string | Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. | +| [`signInPolicyName`](#parameter-signinpolicyname) | string | Signin Policy Name. Only applies to AAD B2C Identity Provider. | +| [`signInTenant`](#parameter-signintenant) | string | The TenantId to use instead of Common when logging into Active Directory. | +| [`signUpPolicyName`](#parameter-signuppolicyname) | string | Signup Policy Name. Only applies to AAD B2C Identity Provider. | +| [`type`](#parameter-type) | string | Identity Provider Type identifier. | + +### Parameter: `allowedTenants` + +List of Allowed Tenants when configuring Azure Active Directory login. - string. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `authority` + +OpenID Connect discovery endpoint hostname for AAD or AAD B2C. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientId` + +Client ID of the Application in the external Identity Provider. Required if identity provider is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `clientSecret` + +Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableIdentityProviders` + +Used to enable the deployment of the identityProviders child resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `name` + +Identity provider name. +- Required: Yes +- Type: string + +### Parameter: `passwordResetPolicyName` + +Password Reset Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileEditingPolicyName` + +Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signInPolicyName` + +Signin Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signInTenant` + +The TenantId to use instead of Common when logging into Active Directory. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `signUpPolicyName` + +Signup Policy Name. Only applies to AAD B2C Identity Provider. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `type` + +Identity Provider Type identifier. +- Required: No +- Type: string +- Default: `'aad'` +- Allowed: `[aad, aadB2C, facebook, google, microsoft, twitter]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service identity provider. | | `resourceGroupName` | string | The resource group the API management service identity provider was deployed into. | diff --git a/modules/api-management/service/identity-provider/main.json b/modules/api-management/service/identity-provider/main.json index 12777acfdc..a5131f7311 100644 --- a/modules/api-management/service/identity-provider/main.json +++ b/modules/api-management/service/identity-provider/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17041253664250888675" + "version": "0.22.6.54827", + "templateHash": "13822474427587974385" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", diff --git a/modules/api-management/service/main.json b/modules/api-management/service/main.json index e6a0293d07..0eca3efbe5 100644 --- a/modules/api-management/service/main.json +++ b/modules/api-management/service/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16139014256674828272" + "version": "0.22.6.54827", + "templateHash": "12476936893104821390" }, "name": "API Management Services", "description": "This module deploys an API Management Service.", @@ -501,8 +501,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13643970540915525806" + "version": "0.22.6.54827", + "templateHash": "17340528539230351720" }, "name": "API Management Service APIs", "description": "This module deploys an API Management Service API.", @@ -781,8 +781,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6059606679416480431" + "version": "0.22.6.54827", + "templateHash": "14571499926134179860" }, "name": "API Management Service APIs Policies", "description": "This module deploys an API Management Service API Policy.", @@ -951,8 +951,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17009588020697963791" + "version": "0.22.6.54827", + "templateHash": "12233980723609740158" }, "name": "API Management Service API Version Sets", "description": "This module deploys an API Management Service API Version Set.", @@ -1091,8 +1091,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10093092890891107320" + "version": "0.22.6.54827", + "templateHash": "7988688467600216709" }, "name": "API Management Service Authorization Servers", "description": "This module deploys an API Management Service Authorization Server.", @@ -1339,8 +1339,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15587770490550622003" + "version": "0.22.6.54827", + "templateHash": "3713166604792624713" }, "name": "API Management Service Backends", "description": "This module deploys an API Management Service Backend.", @@ -1533,8 +1533,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12512964555569038583" + "version": "0.22.6.54827", + "templateHash": "4933923478377534151" }, "name": "API Management Service Caches", "description": "This module deploys an API Management Service Cache.", @@ -1684,8 +1684,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5821693072491820871" + "version": "0.22.6.54827", + "templateHash": "13822474427587974385" }, "name": "API Management Service Identity Providers", "description": "This module deploys an API Management Service Identity Provider.", @@ -1900,8 +1900,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3922343729155718081" + "version": "0.22.6.54827", + "templateHash": "3581707708141744852" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", @@ -2053,8 +2053,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "869969373482543080" + "version": "0.22.6.54827", + "templateHash": "1124223085084988655" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", @@ -2176,8 +2176,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13858171935263007479" + "version": "0.22.6.54827", + "templateHash": "3650757020022888901" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", @@ -2316,8 +2316,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6198741217819703348" + "version": "0.22.6.54827", + "templateHash": "2758822676627115160" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -2465,8 +2465,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "4854177138271927700" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -2579,8 +2579,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8500094107587576986" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", @@ -2745,8 +2745,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5104726614398406453" + "version": "0.22.6.54827", + "templateHash": "10733141744485121232" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", @@ -2908,8 +2908,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15706860856976307419" + "version": "0.22.6.54827", + "templateHash": "1194193235287598548" } }, "parameters": { diff --git a/modules/api-management/service/named-value/README.md b/modules/api-management/service/named-value/README.md index 2920b62283..d73832ca82 100644 --- a/modules/api-management/service/named-value/README.md +++ b/modules/api-management/service/named-value/README.md @@ -4,13 +4,13 @@ This module deploys an API Management Service Named Value. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -20,31 +20,84 @@ This module deploys an API Management Service Named Value. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `displayName` | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | -| `name` | string | Named value Name. | +| [`displayName`](#parameter-displayname) | string | Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. | +| [`name`](#parameter-name) | string | Named value Name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `keyVault` | object | `{object}` | KeyVault location details of the namedValue. | -| `secret` | bool | `False` | Determines whether the value is a secret and should be encrypted or not. Default value is false. | -| `tags` | array | `[]` | Tags that when provided can be used to filter the NamedValue list. - string. | -| `value` | string | `[newGuid()]` | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`keyVault`](#parameter-keyvault) | object | KeyVault location details of the namedValue. | +| [`secret`](#parameter-secret) | bool | Determines whether the value is a secret and should be encrypted or not. Default value is false. | +| [`tags`](#parameter-tags) | array | Tags that when provided can be used to filter the NamedValue list. - string. | +| [`value`](#parameter-value) | string | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `displayName` + +Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVault` + +KeyVault location details of the namedValue. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Named value Name. +- Required: Yes +- Type: string + +### Parameter: `secret` + +Determines whether the value is a secret and should be encrypted or not. Default value is false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags that when provided can be used to filter the NamedValue list. - string. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `value` + +Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. +- Required: No +- Type: string +- Default: `[newGuid()]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the named value. | | `resourceGroupName` | string | The resource group the named value was deployed into. | diff --git a/modules/api-management/service/named-value/main.json b/modules/api-management/service/named-value/main.json index c75a4a3928..f47f644953 100644 --- a/modules/api-management/service/named-value/main.json +++ b/modules/api-management/service/named-value/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7537918735725646871" + "version": "0.22.6.54827", + "templateHash": "3581707708141744852" }, "name": "API Management Service Named Values", "description": "This module deploys an API Management Service Named Value.", diff --git a/modules/api-management/service/policy/README.md b/modules/api-management/service/policy/README.md index 1e48186bc5..c9ca730024 100644 --- a/modules/api-management/service/policy/README.md +++ b/modules/api-management/service/policy/README.md @@ -19,28 +19,62 @@ This module deploys an API Management Service Policy. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `value` | string | Contents of the Policy as defined by the format. | +| [`value`](#parameter-value) | string | Contents of the Policy as defined by the format. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `format` | string | `'xml'` | `[rawxml, rawxml-link, xml, xml-link]` | Format of the policyContent. | -| `name` | string | `'policy'` | | The name of the policy. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`format`](#parameter-format) | string | Format of the policyContent. | +| [`name`](#parameter-name) | string | The name of the policy. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `format` + +Format of the policyContent. +- Required: No +- Type: string +- Default: `'xml'` +- Allowed: `[rawxml, rawxml-link, xml, xml-link]` + +### Parameter: `name` + +The name of the policy. +- Required: No +- Type: string +- Default: `'policy'` + +### Parameter: `value` + +Contents of the Policy as defined by the format. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service policy. | | `resourceGroupName` | string | The resource group the API management service policy was deployed into. | diff --git a/modules/api-management/service/policy/main.json b/modules/api-management/service/policy/main.json index 65580b17b4..32bd1ce4bc 100644 --- a/modules/api-management/service/policy/main.json +++ b/modules/api-management/service/policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8348924989076719813" + "version": "0.22.6.54827", + "templateHash": "3650757020022888901" }, "name": "API Management Service Policies", "description": "This module deploys an API Management Service Policy.", diff --git a/modules/api-management/service/portalsetting/README.md b/modules/api-management/service/portalsetting/README.md index e9c2e989a7..92c67fce9e 100644 --- a/modules/api-management/service/portalsetting/README.md +++ b/modules/api-management/service/portalsetting/README.md @@ -19,27 +19,54 @@ This module deploys an API Management Service Portal Setting. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[delegation, signin, signup]` | Portal setting name. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Portal setting name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `properties` | object | `{object}` | Portal setting properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`properties`](#parameter-properties) | object | Portal setting properties. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Portal setting name. +- Required: Yes +- Type: string +- Allowed: `[delegation, signin, signup]` + +### Parameter: `properties` + +Portal setting properties. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service portal setting. | | `resourceGroupName` | string | The resource group the API management service portal setting was deployed into. | diff --git a/modules/api-management/service/portalsetting/main.json b/modules/api-management/service/portalsetting/main.json index 174392d0e0..01f872a8e5 100644 --- a/modules/api-management/service/portalsetting/main.json +++ b/modules/api-management/service/portalsetting/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11909172258549553650" + "version": "0.22.6.54827", + "templateHash": "1124223085084988655" }, "name": "API Management Service Portal Settings", "description": "This module deploys an API Management Service Portal Setting.", diff --git a/modules/api-management/service/product/README.md b/modules/api-management/service/product/README.md index e5b15b55f4..03ba03cf8b 100644 --- a/modules/api-management/service/product/README.md +++ b/modules/api-management/service/product/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Product. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -21,34 +21,109 @@ This module deploys an API Management Service Product. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Product Name. | +| [`name`](#parameter-name) | string | Product Name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `apis` | array | `[]` | Array of Product APIs. | -| `approvalRequired` | bool | `False` | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. | -| `description` | string | `''` | Product description. May include HTML formatting tags. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `groups` | array | `[]` | Array of Product Groups. | -| `state` | string | `'published'` | whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. | -| `subscriptionRequired` | bool | `False` | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | -| `subscriptionsLimit` | int | `1` | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | -| `terms` | string | `''` | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`apis`](#parameter-apis) | array | Array of Product APIs. | +| [`approvalRequired`](#parameter-approvalrequired) | bool | Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`description`](#parameter-description) | string | Product description. May include HTML formatting tags. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`groups`](#parameter-groups) | array | Array of Product Groups. | +| [`state`](#parameter-state) | string | whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. | +| [`subscriptionRequired`](#parameter-subscriptionrequired) | bool | Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. | +| [`subscriptionsLimit`](#parameter-subscriptionslimit) | int | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | +| [`terms`](#parameter-terms) | string | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `apis` + +Array of Product APIs. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `approvalRequired` + +Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `description` + +Product description. May include HTML formatting tags. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `groups` + +Array of Product Groups. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Product Name. +- Required: Yes +- Type: string + +### Parameter: `state` + +whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. +- Required: No +- Type: string +- Default: `'published'` + +### Parameter: `subscriptionRequired` + +Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `subscriptionsLimit` + +Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `terms` + +Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `apiResourceIds` | array | The Resources IDs of the API management service product APIs. | | `groupResourceIds` | array | The Resources IDs of the API management service product groups. | diff --git a/modules/api-management/service/product/api/README.md b/modules/api-management/service/product/api/README.md index fb2a3bcac8..3ae7df516b 100644 --- a/modules/api-management/service/product/api/README.md +++ b/modules/api-management/service/product/api/README.md @@ -19,27 +19,52 @@ This module deploys an API Management Service Product API. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the product API. | +| [`name`](#parameter-name) | string | Name of the product API. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `productName` | string | The name of the parent Product. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the product API. +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the product API. | | `resourceGroupName` | string | The resource group the product API was deployed into. | diff --git a/modules/api-management/service/product/api/main.json b/modules/api-management/service/product/api/main.json index 157c8181f7..0ecf6ebe3a 100644 --- a/modules/api-management/service/product/api/main.json +++ b/modules/api-management/service/product/api/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13243242177616383868" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", diff --git a/modules/api-management/service/product/group/README.md b/modules/api-management/service/product/group/README.md index e58f9a3739..943378da28 100644 --- a/modules/api-management/service/product/group/README.md +++ b/modules/api-management/service/product/group/README.md @@ -19,27 +19,52 @@ This module deploys an API Management Service Product Group. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the product group. | +| [`name`](#parameter-name) | string | Name of the product group. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | -| `productName` | string | The name of the parent Product. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`productName`](#parameter-productname) | string | The name of the parent Product. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the product group. +- Required: Yes +- Type: string + +### Parameter: `productName` + +The name of the parent Product. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the product group. | | `resourceGroupName` | string | The resource group the product group was deployed into. | diff --git a/modules/api-management/service/product/group/main.json b/modules/api-management/service/product/group/main.json index de5f8ef5c8..209c9c33d6 100644 --- a/modules/api-management/service/product/group/main.json +++ b/modules/api-management/service/product/group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11867976378445976169" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/modules/api-management/service/product/main.json b/modules/api-management/service/product/main.json index 172a816f4f..94a2143e2a 100644 --- a/modules/api-management/service/product/main.json +++ b/modules/api-management/service/product/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11659142408016307537" + "version": "0.22.6.54827", + "templateHash": "2758822676627115160" }, "name": "API Management Service Products", "description": "This module deploys an API Management Service Product.", @@ -153,8 +153,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13243242177616383868" + "version": "0.22.6.54827", + "templateHash": "16488730655399972556" }, "name": "API Management Service Products APIs", "description": "This module deploys an API Management Service Product API.", @@ -267,8 +267,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11867976378445976169" + "version": "0.22.6.54827", + "templateHash": "14085709622188800883" }, "name": "API Management Service Products Groups", "description": "This module deploys an API Management Service Product Group.", diff --git a/modules/api-management/service/subscription/README.md b/modules/api-management/service/subscription/README.md index 0195b16bfb..81c7f5c71b 100644 --- a/modules/api-management/service/subscription/README.md +++ b/modules/api-management/service/subscription/README.md @@ -4,12 +4,12 @@ This module deploys an API Management Service Subscription. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -19,32 +19,93 @@ This module deploys an API Management Service Subscription. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Subscription name. | +| [`name`](#parameter-name) | string | Subscription name. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `apiManagementServiceName` | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | +| [`apiManagementServiceName`](#parameter-apimanagementservicename) | string | The name of the parent API Management service. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowTracing` | bool | `True` | Determines whether tracing can be enabled. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `ownerId` | string | `''` | User (user ID path) for whom subscription is being created in form /users/{userId}. | -| `primaryKey` | string | `''` | Primary subscription key. If not specified during request key will be generated automatically. | -| `scope` | string | `'/apis'` | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | -| `secondaryKey` | string | `''` | Secondary subscription key. If not specified during request key will be generated automatically. | -| `state` | string | `''` | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowTracing`](#parameter-allowtracing) | bool | Determines whether tracing can be enabled. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`ownerId`](#parameter-ownerid) | string | User (user ID path) for whom subscription is being created in form /users/{userId}. | +| [`primaryKey`](#parameter-primarykey) | string | Primary subscription key. If not specified during request key will be generated automatically. | +| [`scope`](#parameter-scope) | string | Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". | +| [`secondaryKey`](#parameter-secondarykey) | string | Secondary subscription key. If not specified during request key will be generated automatically. | +| [`state`](#parameter-state) | string | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. | + +### Parameter: `allowTracing` + +Determines whether tracing can be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Subscription name. +- Required: Yes +- Type: string + +### Parameter: `ownerId` + +User (user ID path) for whom subscription is being created in form /users/{userId}. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `primaryKey` + +Primary subscription key. If not specified during request key will be generated automatically. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scope` + +Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". +- Required: No +- Type: string +- Default: `'/apis'` + +### Parameter: `secondaryKey` + +Secondary subscription key. If not specified during request key will be generated automatically. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `state` + +Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the API management service subscription. | | `resourceGroupName` | string | The resource group the API management service subscription was deployed into. | diff --git a/modules/api-management/service/subscription/main.json b/modules/api-management/service/subscription/main.json index 2ca7d5862e..faefcb8783 100644 --- a/modules/api-management/service/subscription/main.json +++ b/modules/api-management/service/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15277659663277232184" + "version": "0.22.6.54827", + "templateHash": "10733141744485121232" }, "name": "API Management Service Subscriptions", "description": "This module deploys an API Management Service Subscription.", diff --git a/modules/app-configuration/configuration-store/.test/common/main.test.bicep b/modules/app-configuration/configuration-store/.test/common/main.test.bicep index f7bf489277..e359741a94 100644 --- a/modules/app-configuration/configuration-store/.test/common/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app-configuration/configuration-store/.test/min/main.test.bicep b/modules/app-configuration/configuration-store/.test/min/main.test.bicep index 141cbc3ee0..f1508db465 100644 --- a/modules/app-configuration/configuration-store/.test/min/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index c29bc1d5bd..2e9907827d 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -4,13 +4,13 @@ This module deploys an App Configuration Store. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -22,75 +22,30 @@ This module deploys an App Configuration Store. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure App Configuration. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `createMode` | string | `'Default'` | `[Default, Recover]` | Indicates whether the configuration store need to be recovered. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, Audit, HttpRequest]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `False` | | Disables all authentication methods other than AAD authentication. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enablePurgeProtection` | bool | `False` | | Property specifying whether protection against purge is enabled for this configuration store. | -| `keyValues` | array | `[]` | | All Key / Values to create. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `sku` | string | `'Standard'` | `[Free, Standard]` | Pricing tier of App Configuration. | -| `softDeleteRetentionInDays` | int | `1` | | The amount of time in days that the configuration store will be retained when it is soft deleted. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - - -## Outputs +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the app configuration. | -| `resourceGroupName` | string | The resource group the app configuration store was deployed into. | -| `resourceId` | string | The resource ID of the app configuration. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app-configuration.configuration-store:1.0.0`. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +- [Using only defaults](#example-1-using-only-defaults) +- [Using Maximum Parameters](#example-2-using-maximum-parameters) +- [Pe](#example-3-pe) -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +### Example 1: _Using only defaults_ -## Deployment examples +This instance deploys the module with the minimum set of required parameters. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-acccom' params: { // Required parameters @@ -234,14 +189,17 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

-

Example 2: Min

+### Example 2: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-accmin' params: { // Required parameters @@ -279,14 +237,14 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

-

Example 3: Pe

+### Example 3: _Pe_
via Bicep module ```bicep -module configurationStore './app-configuration/configuration-store/main.bicep' = { +module configurationStore 'br:bicep/modules/app-configuration.configuration-store:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-accpe' params: { // Required parameters @@ -385,3 +343,220 @@ module configurationStore './app-configuration/configuration-store/main.bicep' =

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure App Configuration. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`createMode`](#parameter-createmode) | string | Indicates whether the configuration store need to be recovered. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disables all authentication methods other than AAD authentication. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enablePurgeProtection`](#parameter-enablepurgeprotection) | bool | Property specifying whether protection against purge is enabled for this configuration store. | +| [`keyValues`](#parameter-keyvalues) | array | All Key / Values to create. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`sku`](#parameter-sku) | string | Pricing tier of App Configuration. | +| [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | The amount of time in days that the configuration store will be retained when it is soft deleted. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `createMode` + +Indicates whether the configuration store need to be recovered. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, Recover]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, Audit, HttpRequest]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Disables all authentication methods other than AAD authentication. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enablePurgeProtection` + +Property specifying whether protection against purge is enabled for this configuration store. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `keyValues` + +All Key / Values to create. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure App Configuration. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +Pricing tier of App Configuration. +- Required: No +- Type: string +- Default: `'Standard'` +- Allowed: `[Free, Standard]` + +### Parameter: `softDeleteRetentionInDays` + +The amount of time in days that the configuration store will be retained when it is soft deleted. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the app configuration. | +| `resourceGroupName` | string | The resource group the app configuration store was deployed into. | +| `resourceId` | string | The resource ID of the app configuration. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/app-configuration/configuration-store/key-value/README.md b/modules/app-configuration/configuration-store/key-value/README.md index 4d8a0cc029..7aba86936e 100644 --- a/modules/app-configuration/configuration-store/key-value/README.md +++ b/modules/app-configuration/configuration-store/key-value/README.md @@ -4,12 +4,12 @@ This module deploys an App Configuration Store Key Value. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -19,29 +19,68 @@ This module deploys an App Configuration Store Key Value. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the key. | -| `value` | string | Name of the value. | +| [`name`](#parameter-name) | string | Name of the key. | +| [`value`](#parameter-value) | string | Name of the value. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `appConfigurationName` | string | The name of the parent app configuration store. Required if the template is used in a standalone deployment. | +| [`appConfigurationName`](#parameter-appconfigurationname) | string | The name of the parent app configuration store. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `contentType` | string | `''` | The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `tags` | object | `{object}` | Tags of the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`contentType`](#parameter-contenttype) | string | The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`tags`](#parameter-tags) | object | Tags of the resource. | + +### Parameter: `appConfigurationName` + +The name of the parent app configuration store. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `contentType` + +The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the key. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `value` + +Name of the value. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the key values. | | `resourceGroupName` | string | The resource group the batch account was deployed into. | diff --git a/modules/app-configuration/configuration-store/key-value/main.json b/modules/app-configuration/configuration-store/key-value/main.json index 69e7caf120..bd6ba98307 100644 --- a/modules/app-configuration/configuration-store/key-value/main.json +++ b/modules/app-configuration/configuration-store/key-value/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18125120019454222929" + "version": "0.22.6.54827", + "templateHash": "16698134952769248111" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", diff --git a/modules/app-configuration/configuration-store/main.json b/modules/app-configuration/configuration-store/main.json index 1442aabb14..9864464e86 100644 --- a/modules/app-configuration/configuration-store/main.json +++ b/modules/app-configuration/configuration-store/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11782317267764138408" + "version": "0.22.6.54827", + "templateHash": "10110269901043104603" }, "name": "App Configuration Stores", "description": "This module deploys an App Configuration Store.", @@ -334,8 +334,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12355291254193028960" + "version": "0.22.6.54827", + "templateHash": "16698134952769248111" }, "name": "App Configuration Stores Key Values", "description": "This module deploys an App Configuration Store Key Value.", @@ -471,8 +471,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3406373389314015592" + "version": "0.22.6.54827", + "templateHash": "17212866457936326905" } }, "parameters": { @@ -633,8 +633,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -833,8 +833,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -971,8 +971,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/app/container-app/.test/common/main.test.bicep b/modules/app/container-app/.test/common/main.test.bicep index 3f215031b9..2dc156fd4e 100644 --- a/modules/app/container-app/.test/common/main.test.bicep +++ b/modules/app/container-app/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/container-app/.test/min/main.test.bicep b/modules/app/container-app/.test/min/main.test.bicep index 66ba9c9e91..ae238c70c6 100644 --- a/modules/app/container-app/.test/min/main.test.bicep +++ b/modules/app/container-app/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 941fff342b..84b6f9d314 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -5,10 +5,10 @@ This module deploys a Container App. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -18,80 +18,29 @@ This module deploys a Container App. | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `containers` | array | List of container definitions for the Container App. | -| `environmentId` | string | Resource ID of environment. | -| `name` | string | Name of the Container App. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `activeRevisionsMode` | string | `'Single'` | `[Multiple, Single]` | ActiveRevisionsMode controls how active revisions are handled for the Container app. | -| `customDomains` | array | `[]` | | Custom domain bindings for Container App hostnames. | -| `dapr` | object | `{object}` | | Dapr configuration for the Container App. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exposedPort` | int | `0` | | Exposed Port in containers for TCP traffic from ingress. | -| `ingressAllowInsecure` | bool | `True` | | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. | -| `ingressExternal` | bool | `True` | | Bool indicating if app exposes an external http endpoint. | -| `ingressTargetPort` | int | `80` | | Target Port in containers for traffic from ingress. | -| `ingressTransport` | string | `'auto'` | `[auto, http, http2, tcp]` | Ingress transport protocol. | -| `initContainersTemplate` | array | `[]` | | List of specialized containers that run before app containers. | -| `ipSecurityRestrictions` | array | `[]` | | Rules to restrict incoming IP address. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `maxInactiveRevisions` | int | `0` | | Max inactive revisions a Container App can have. | -| `registries` | array | `[]` | | Collection of private container registry credentials for containers used by the Container app. | -| `revisionSuffix` | string | `''` | | User friendly suffix that is appended to the revision name. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. | -| `scaleMaxReplicas` | int | `1` | | Maximum number of container replicas. Defaults to 10 if not set. | -| `scaleMinReplicas` | int | `0` | | Minimum number of container replicas. | -| `scaleRules` | array | `[]` | | Scaling rules. | -| `secrets` | secureObject | `{object}` | | The secrets of the Container App. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `trafficLabel` | string | `'label-1'` | | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. | -| `trafficLatestRevision` | bool | `True` | | Indicates that the traffic weight belongs to a latest stable revision. | -| `trafficRevisionName` | string | `''` | | Name of a revision. | -| `trafficWeight` | int | `100` | | Traffic weight assigned to a revision. | -| `userAssignedIdentities` | object | `{object}` | | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | -| `volumes` | array | `[]` | | List of volume definitions for the Container App. | -| `workloadProfileType` | string | `''` | | Workload profile type to pin for container app execution. | - +## Usage examples -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Container App. | -| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. | -| `resourceId` | string | The resource ID of the Container App. | +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.container-app:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Using Maximum Parameters](#example-2-using-maximum-parameters) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Common

via Bicep module ```bicep -module containerApp './app/container-app/main.bicep' = { +module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mcappcom' params: { // Required parameters @@ -233,14 +182,17 @@ module containerApp './app/container-app/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module containerApp './app/container-app/main.bicep' = { +module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-mcappmin' params: { // Required parameters @@ -317,3 +269,294 @@ module containerApp './app/container-app/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`containers`](#parameter-containers) | array | List of container definitions for the Container App. | +| [`environmentId`](#parameter-environmentid) | string | Resource ID of environment. | +| [`name`](#parameter-name) | string | Name of the Container App. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`activeRevisionsMode`](#parameter-activerevisionsmode) | string | ActiveRevisionsMode controls how active revisions are handled for the Container app. | +| [`customDomains`](#parameter-customdomains) | array | Custom domain bindings for Container App hostnames. | +| [`dapr`](#parameter-dapr) | object | Dapr configuration for the Container App. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exposedPort`](#parameter-exposedport) | int | Exposed Port in containers for TCP traffic from ingress. | +| [`ingressAllowInsecure`](#parameter-ingressallowinsecure) | bool | Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. | +| [`ingressExternal`](#parameter-ingressexternal) | bool | Bool indicating if app exposes an external http endpoint. | +| [`ingressTargetPort`](#parameter-ingresstargetport) | int | Target Port in containers for traffic from ingress. | +| [`ingressTransport`](#parameter-ingresstransport) | string | Ingress transport protocol. | +| [`initContainersTemplate`](#parameter-initcontainerstemplate) | array | List of specialized containers that run before app containers. | +| [`ipSecurityRestrictions`](#parameter-ipsecurityrestrictions) | array | Rules to restrict incoming IP address. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`maxInactiveRevisions`](#parameter-maxinactiverevisions) | int | Max inactive revisions a Container App can have. | +| [`registries`](#parameter-registries) | array | Collection of private container registry credentials for containers used by the Container app. | +| [`revisionSuffix`](#parameter-revisionsuffix) | string | User friendly suffix that is appended to the revision name. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. | +| [`scaleMaxReplicas`](#parameter-scalemaxreplicas) | int | Maximum number of container replicas. Defaults to 10 if not set. | +| [`scaleMinReplicas`](#parameter-scaleminreplicas) | int | Minimum number of container replicas. | +| [`scaleRules`](#parameter-scalerules) | array | Scaling rules. | +| [`secrets`](#parameter-secrets) | secureObject | The secrets of the Container App. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`trafficLabel`](#parameter-trafficlabel) | string | Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. | +| [`trafficLatestRevision`](#parameter-trafficlatestrevision) | bool | Indicates that the traffic weight belongs to a latest stable revision. | +| [`trafficRevisionName`](#parameter-trafficrevisionname) | string | Name of a revision. | +| [`trafficWeight`](#parameter-trafficweight) | int | Traffic weight assigned to a revision. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. | +| [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. | +| [`workloadProfileType`](#parameter-workloadprofiletype) | string | Workload profile type to pin for container app execution. | + +### Parameter: `activeRevisionsMode` + +ActiveRevisionsMode controls how active revisions are handled for the Container app. +- Required: No +- Type: string +- Default: `'Single'` +- Allowed: `[Multiple, Single]` + +### Parameter: `containers` + +List of container definitions for the Container App. +- Required: Yes +- Type: array + +### Parameter: `customDomains` + +Custom domain bindings for Container App hostnames. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dapr` + +Dapr configuration for the Container App. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `environmentId` + +Resource ID of environment. +- Required: Yes +- Type: string + +### Parameter: `exposedPort` + +Exposed Port in containers for TCP traffic from ingress. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `ingressAllowInsecure` + +Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ingressExternal` + +Bool indicating if app exposes an external http endpoint. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ingressTargetPort` + +Target Port in containers for traffic from ingress. +- Required: No +- Type: int +- Default: `80` + +### Parameter: `ingressTransport` + +Ingress transport protocol. +- Required: No +- Type: string +- Default: `'auto'` +- Allowed: `[auto, http, http2, tcp]` + +### Parameter: `initContainersTemplate` + +List of specialized containers that run before app containers. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ipSecurityRestrictions` + +Rules to restrict incoming IP address. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `maxInactiveRevisions` + +Max inactive revisions a Container App can have. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `name` + +Name of the Container App. +- Required: Yes +- Type: string + +### Parameter: `registries` + +Collection of private container registry credentials for containers used by the Container app. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `revisionSuffix` + +User friendly suffix that is appended to the revision name. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scaleMaxReplicas` + +Maximum number of container replicas. Defaults to 10 if not set. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `scaleMinReplicas` + +Minimum number of container replicas. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `scaleRules` + +Scaling rules. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +The secrets of the Container App. +- Required: No +- Type: secureObject +- Default: `{object}` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `trafficLabel` + +Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. +- Required: No +- Type: string +- Default: `'label-1'` + +### Parameter: `trafficLatestRevision` + +Indicates that the traffic weight belongs to a latest stable revision. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `trafficRevisionName` + +Name of a revision. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `trafficWeight` + +Traffic weight assigned to a revision. +- Required: No +- Type: int +- Default: `100` + +### Parameter: `userAssignedIdentities` + +The set of user assigned identities associated with the resource, the userAssignedIdentities dictionary keys will be ARM resource IDs and The dictionary values can be empty objects ({}) in requests. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `volumes` + +List of volume definitions for the Container App. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `workloadProfileType` + +Workload profile type to pin for container app execution. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Container App. | +| `resourceGroupName` | string | The name of the resource group the Container App was deployed into. | +| `resourceId` | string | The resource ID of the Container App. | + +## Cross-referenced modules + +_None_ diff --git a/modules/app/container-app/main.json b/modules/app/container-app/main.json index e2de42de12..1d501046a4 100644 --- a/modules/app/container-app/main.json +++ b/modules/app/container-app/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16754480041180669063" + "version": "0.22.6.54827", + "templateHash": "2221038631504030167" }, "name": "Container Apps", "description": "This module deploys a Container App.", @@ -371,8 +371,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9188415638960634445" + "version": "0.22.6.54827", + "templateHash": "6133741258710054291" } }, "parameters": { diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep index 076aa920a4..8954fe15d5 100644 --- a/modules/app/managed-environment/.test/common/main.test.bicep +++ b/modules/app/managed-environment/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/managed-environment/.test/min/main.test.bicep b/modules/app/managed-environment/.test/min/main.test.bicep index 6692258b4d..2aebf604c6 100644 --- a/modules/app/managed-environment/.test/min/main.test.bicep +++ b/modules/app/managed-environment/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index e432404e3a..f12da955fd 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -5,10 +5,10 @@ This module deploys an App Managed Environment (also known as a Container App En ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -18,73 +18,29 @@ This module deploys an App Managed Environment (also known as a Container App En | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `logAnalyticsWorkspaceResourceId` | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | -| `name` | string | Name of the Container Apps Managed Environment. | - -**Conditional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `infrastructureSubnetId` | string | `''` | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `certificatePassword` | securestring | `''` | | Password of the certificate used by the custom domain. | -| `certificateValue` | securestring | `''` | | Certificate to use for the custom domain. PFX or PEM. | -| `daprAIConnectionString` | securestring | `''` | | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | -| `daprAIInstrumentationKey` | securestring | `''` | | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | -| `dnsSuffix` | string | `''` | | DNS suffix for the environment domain. | -| `dockerBridgeCidr` | string | `''` | | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `enableDefaultTelemetry` | bool | | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `internal` | bool | `False` | | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `logsDestination` | string | `'log-analytics'` | | Logs destination. | -| `platformReservedCidr` | string | `''` | | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `platformReservedDnsIP` | string | `''` | | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Consumption'` | `[Consumption, Premium]` | Managed environment SKU. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `workloadProfiles` | array | `[]` | | Workload profiles configured for the Managed Environment. | -| `zoneRedundant` | bool | `False` | | Whether or not this Managed Environment is zone-redundant. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Managed Environment. | -| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | -| `resourceId` | string | The resource ID of the Managed Environment. | +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.managed-environment:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) +- [Using Maximum Parameters](#example-2-using-maximum-parameters) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Common

via Bicep module ```bicep -module managedEnvironment './app/managed-environment/main.bicep' = { +module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-amecom' params: { // Required parameters @@ -168,14 +124,17 @@ module managedEnvironment './app/managed-environment/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module managedEnvironment './app/managed-environment/main.bicep' = { +module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-amemin' params: { // Required parameters @@ -214,3 +173,202 @@ module managedEnvironment './app/managed-environment/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`logAnalyticsWorkspaceResourceId`](#parameter-loganalyticsworkspaceresourceid) | string | Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). | +| [`name`](#parameter-name) | string | Name of the Container Apps Managed Environment. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`infrastructureSubnetId`](#parameter-infrastructuresubnetid) | string | Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificatePassword`](#parameter-certificatepassword) | securestring | Password of the certificate used by the custom domain. | +| [`certificateValue`](#parameter-certificatevalue) | securestring | Certificate to use for the custom domain. PFX or PEM. | +| [`daprAIConnectionString`](#parameter-dapraiconnectionstring) | securestring | Application Insights connection string used by Dapr to export Service to Service communication telemetry. | +| [`daprAIInstrumentationKey`](#parameter-dapraiinstrumentationkey) | securestring | Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. | +| [`dnsSuffix`](#parameter-dnssuffix) | string | DNS suffix for the environment domain. | +| [`dockerBridgeCidr`](#parameter-dockerbridgecidr) | string | CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`internal`](#parameter-internal) | bool | Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`logsDestination`](#parameter-logsdestination) | string | Logs destination. | +| [`platformReservedCidr`](#parameter-platformreservedcidr) | string | IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`platformReservedDnsIP`](#parameter-platformreserveddnsip) | string | An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | Managed environment SKU. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. | + +### Parameter: `certificatePassword` + +Password of the certificate used by the custom domain. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `certificateValue` + +Certificate to use for the custom domain. PFX or PEM. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIConnectionString` + +Application Insights connection string used by Dapr to export Service to Service communication telemetry. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `daprAIInstrumentationKey` + +Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `dnsSuffix` + +DNS suffix for the environment domain. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `dockerBridgeCidr` + +CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: Yes +- Type: bool + +### Parameter: `infrastructureSubnetId` + +Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `internal` + +Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `logAnalyticsWorkspaceResourceId` + +Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). +- Required: Yes +- Type: string + +### Parameter: `logsDestination` + +Logs destination. +- Required: No +- Type: string +- Default: `'log-analytics'` + +### Parameter: `name` + +Name of the Container Apps Managed Environment. +- Required: Yes +- Type: string + +### Parameter: `platformReservedCidr` + +IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `platformReservedDnsIP` + +An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +Managed environment SKU. +- Required: No +- Type: string +- Default: `'Consumption'` +- Allowed: `[Consumption, Premium]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `workloadProfiles` + +Workload profiles configured for the Managed Environment. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `zoneRedundant` + +Whether or not this Managed Environment is zone-redundant. +- Required: No +- Type: bool +- Default: `False` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Managed Environment. | +| `resourceGroupName` | string | The name of the resource group the Managed Environment was deployed into. | +| `resourceId` | string | The resource ID of the Managed Environment. | + +## Cross-referenced modules + +_None_ diff --git a/modules/app/managed-environment/main.json b/modules/app/managed-environment/main.json index a958ca3a6e..71407f0d6d 100644 --- a/modules/app/managed-environment/main.json +++ b/modules/app/managed-environment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14963884189492658840" + "version": "0.22.6.54827", + "templateHash": "3480452524372003572" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -264,8 +264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10028072894056989627" + "version": "0.22.6.54827", + "templateHash": "18101859194273235473" } }, "parameters": { diff --git a/modules/authorization/lock/.test/common/main.test.bicep b/modules/authorization/lock/.test/common/main.test.bicep index 197c3e06aa..dc1cf363cb 100644 --- a/modules/authorization/lock/.test/common/main.test.bicep +++ b/modules/authorization/lock/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md index 1555dae44e..2cc23f129d 100644 --- a/modules/authorization/lock/README.md +++ b/modules/authorization/lock/README.md @@ -5,10 +5,10 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -16,52 +16,28 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location for all resources. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | -| `resourceGroupName` | string | `''` | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | -| `subscriptionId` | string | `[subscription().id]` | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | +## Usage examples +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the lock. | -| `resourceId` | string | The resource ID of the lock. | -| `scope` | string | The scope this lock applies to. | - -## Cross-referenced modules + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -_None_ + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.lock:1.0.0`. -## Deployment examples +- [Using only defaults](#example-1-using-only-defaults) -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. +### Example 1: _Using only defaults_ - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. +This instance deploys the module with the minimum set of required parameters. -

Example 1: Common

via Bicep module ```bicep -module lock './authorization/lock/main.bicep' = { +module lock 'br:bicep/modules/authorization.lock:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-alcom' params: { // Required parameters @@ -106,3 +82,77 @@ module lock './authorization/lock/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `notes` + +The decription attached to the lock. +- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. +- Required: No +- Type: string +- Default: `[subscription().id]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The name of the lock. | +| `resourceId` | string | The resource ID of the lock. | +| `scope` | string | The scope this lock applies to. | + +## Cross-referenced modules + +_None_ diff --git a/modules/authorization/lock/main.json b/modules/authorization/lock/main.json index a6018e68bc..927dc1ae2c 100644 --- a/modules/authorization/lock/main.json +++ b/modules/authorization/lock/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15010949072500473441" + "version": "0.22.6.54827", + "templateHash": "15385346851879884120" }, "name": "Authorization Locks (All scopes)", "description": "This module deploys an Authorization Lock at a Subscription or Resource Group scope.", @@ -109,8 +109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15362884032350876286" + "version": "0.22.6.54827", + "templateHash": "876321567657394219" }, "name": "Authorization Locks (Subscription scope)", "description": "This module deploys an Authorization Lock at a Subscription scope.", @@ -239,8 +239,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10420976827552614779" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", diff --git a/modules/authorization/lock/resource-group/README.md b/modules/authorization/lock/resource-group/README.md index 146e48ed25..9fff1df214 100644 --- a/modules/authorization/lock/resource-group/README.md +++ b/modules/authorization/lock/resource-group/README.md @@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the lock. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the lock. +- Required: No +- Type: string +- Default: `[format('{0}-lock', parameters('level'))]` + +### Parameter: `notes` + +The decription attached to the lock. +- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceGroupName` | string | The name of the resource group name the lock was applied to. | diff --git a/modules/authorization/lock/resource-group/main.json b/modules/authorization/lock/resource-group/main.json index 25b2ec1b99..903530da93 100644 --- a/modules/authorization/lock/resource-group/main.json +++ b/modules/authorization/lock/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "7885747985110001606" + "version": "0.22.6.54827", + "templateHash": "8961143332409950444" }, "name": "Authorization Locks (Resource Group scope)", "description": "This module deploys an Authorization Lock at a Resource Group scope.", diff --git a/modules/authorization/lock/subscription/README.md b/modules/authorization/lock/subscription/README.md index 35fe0fd8ca..56454213bb 100644 --- a/modules/authorization/lock/subscription/README.md +++ b/modules/authorization/lock/subscription/README.md @@ -19,22 +19,50 @@ This module deploys an Authorization Lock at a Subscription scope. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `level` | string | `[CanNotDelete, ReadOnly]` | Set lock level. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`level`](#parameter-level) | string | Set lock level. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `name` | string | `[format('{0}-lock', parameters('level'))]` | The name of the lock. | -| `notes` | string | `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` | The decription attached to the lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`name`](#parameter-name) | string | The name of the lock. | +| [`notes`](#parameter-notes) | string | The decription attached to the lock. | + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `level` + +Set lock level. +- Required: Yes +- Type: string +- Allowed: `[CanNotDelete, ReadOnly]` + +### Parameter: `name` + +The name of the lock. +- Required: No +- Type: string +- Default: `[format('{0}-lock', parameters('level'))]` + +### Parameter: `notes` + +The decription attached to the lock. +- Required: No +- Type: string +- Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the lock. | | `resourceId` | string | The resource ID of the lock. | diff --git a/modules/authorization/lock/subscription/main.json b/modules/authorization/lock/subscription/main.json index 5664616784..19ec31903c 100644 --- a/modules/authorization/lock/subscription/main.json +++ b/modules/authorization/lock/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "10927394621764774821" + "version": "0.22.6.54827", + "templateHash": "876321567657394219" }, "name": "Authorization Locks (Subscription scope)", "description": "This module deploys an Authorization Lock at a Subscription scope.", diff --git a/modules/authorization/policy-assignment/README.md b/modules/authorization/policy-assignment/README.md index ff0ddb908a..ca9b521a61 100644 --- a/modules/authorization/policy-assignment/README.md +++ b/modules/authorization/policy-assignment/README.md @@ -4,80 +4,44 @@ This module deploys a Policy Assignment at a Management Group, Subscription or R ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyAssignments` | [2022-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-06-01/policyAssignments) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceGroupName` | string | `''` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `''` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | Policy Assignment Name. | -| `principalId` | string | Policy Assignment principal ID. | -| `resourceId` | string | Policy Assignment resource ID. | - -## Cross-referenced modules - -_None_ - -## Deployment examples +## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-assignment:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-apamgcom' params: { // Required parameters @@ -273,14 +237,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apamgmin' params: { // Required parameters @@ -330,14 +294,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apargcom' params: { // Required parameters @@ -541,14 +505,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apargmin' params: { // Required parameters @@ -602,14 +566,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apasubcom' params: { // Required parameters @@ -809,14 +773,14 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module policyAssignment './authorization/policy-assignment/main.bicep' = { +module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apasubmin' params: { // Required parameters @@ -875,6 +839,184 @@ module policyAssignment './authorization/policy-assignment/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +The Target Scope for the Policy. The name of the resource group for the policy assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | Policy Assignment Name. | +| `principalId` | string | Policy Assignment principal ID. | +| `resourceId` | string | Policy Assignment resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-assignment/main.json b/modules/authorization/policy-assignment/main.json index 66bced0521..4b15a7c3ee 100644 --- a/modules/authorization/policy-assignment/main.json +++ b/modules/authorization/policy-assignment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13477192333915886863" + "version": "0.22.6.54827", + "templateHash": "10579624444479342334" }, "name": "Policy Assignments (All scopes)", "description": "This module deploys a Policy Assignment at a Management Group, Subscription or Resource Group scope.", @@ -226,8 +226,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15108071880274736880" + "version": "0.22.6.54827", + "templateHash": "14811948404877688716" }, "name": "Policy Assignments (Management Group scope)", "description": "This module deploys a Policy Assignment at a Management Group scope.", @@ -506,8 +506,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15303635224407962753" + "version": "0.22.6.54827", + "templateHash": "1296030047986147440" }, "name": "Policy Assignments (Subscription scope)", "description": "This module deploys a Policy Assignment at a Subscription scope.", @@ -786,8 +786,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17736185251366823136" + "version": "0.22.6.54827", + "templateHash": "15032410491892224041" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", diff --git a/modules/authorization/policy-assignment/management-group/README.md b/modules/authorization/policy-assignment/management-group/README.md index 086b1d38ea..5bdeb7fe3c 100644 --- a/modules/authorization/policy-assignment/management-group/README.md +++ b/modules/authorization/policy-assignment/management-group/README.md @@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `managementGroupId` | string | `[managementGroup().name]` | | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/management-group/main.json b/modules/authorization/policy-assignment/management-group/main.json index 1f346ad116..5041a99c35 100644 --- a/modules/authorization/policy-assignment/management-group/main.json +++ b/modules/authorization/policy-assignment/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8902545451587564927" + "version": "0.22.6.54827", + "templateHash": "14811948404877688716" }, "name": "Policy Assignments (Management Group scope)", "description": "This module deploys a Policy Assignment at a Management Group scope.", diff --git a/modules/authorization/policy-assignment/resource-group/README.md b/modules/authorization/policy-assignment/resource-group/README.md index 6ed90b07ac..fa03fd32ea 100644 --- a/modules/authorization/policy-assignment/resource-group/README.md +++ b/modules/authorization/policy-assignment/resource-group/README.md @@ -20,36 +20,162 @@ This module deploys a Policy Assignment at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceGroupName` | string | `[resourceGroup().name]` | | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceGroupName` + +The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/resource-group/main.json b/modules/authorization/policy-assignment/resource-group/main.json index 91b95356eb..65912a4b91 100644 --- a/modules/authorization/policy-assignment/resource-group/main.json +++ b/modules/authorization/policy-assignment/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "18205418867751406787" + "version": "0.22.6.54827", + "templateHash": "15032410491892224041" }, "name": "Policy Assignments (Resource Group scope)", "description": "This module deploys a Policy Assignment at a Resource Group scope.", diff --git a/modules/authorization/policy-assignment/subscription/README.md b/modules/authorization/policy-assignment/subscription/README.md index 26810db431..c861c6e6c7 100644 --- a/modules/authorization/policy-assignment/subscription/README.md +++ b/modules/authorization/policy-assignment/subscription/README.md @@ -20,35 +20,154 @@ This module deploys a Policy Assignment at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | -| `policyDefinitionId` | string | Specifies the ID of the policy definition or policy set definition being assigned. | +| [`name`](#parameter-name) | string | Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. | +| [`policyDefinitionId`](#parameter-policydefinitionid) | string | Specifies the ID of the policy definition or policy set definition being assigned. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | This message will be part of response in case of policy violation. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enforcementMode` | string | `'Default'` | `[Default, DoNotEnforce]` | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | -| `identity` | string | `'SystemAssigned'` | `[None, SystemAssigned, UserAssigned]` | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | -| `location` | string | `[deployment().location]` | | Location for all resources. | -| `metadata` | object | `{object}` | | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `nonComplianceMessages` | array | `[]` | | The messages that describe why a resource is non-compliant with the policy. | -| `notScopes` | array | `[]` | | The policy excluded scopes. | -| `overrides` | array | `[]` | | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | -| `parameters` | object | `{object}` | | Parameters for the policy assignment if needed. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | -| `roleDefinitionIds` | array | `[]` | | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | -| `userAssignedIdentityId` | string | `''` | | The Resource ID for the user assigned identity to assign to the policy assignment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | This message will be part of response in case of policy violation. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enforcementMode`](#parameter-enforcementmode) | string | The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. | +| [`identity`](#parameter-identity) | string | The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`metadata`](#parameter-metadata) | object | The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`nonComplianceMessages`](#parameter-noncompliancemessages) | array | The messages that describe why a resource is non-compliant with the policy. | +| [`notScopes`](#parameter-notscopes) | array | The policy excluded scopes. | +| [`overrides`](#parameter-overrides) | array | The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. | +| [`parameters`](#parameter-parameters) | object | Parameters for the policy assignment if needed. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. | +| [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | +| [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | + +### Parameter: `description` + +This message will be part of response in case of policy violation. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enforcementMode` + +The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. +- Required: No +- Type: string +- Default: `'Default'` +- Allowed: `[Default, DoNotEnforce]` + +### Parameter: `identity` + +The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. +- Required: No +- Type: string +- Default: `'SystemAssigned'` +- Allowed: `[None, SystemAssigned, UserAssigned]` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `nonComplianceMessages` + +The messages that describe why a resource is non-compliant with the policy. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notScopes` + +The policy excluded scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `overrides` + +The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `parameters` + +Parameters for the policy assignment if needed. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. +- Required: Yes +- Type: string + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleDefinitionIds` + +The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` + +### Parameter: `userAssignedIdentityId` + +The Resource ID for the user assigned identity to assign to the policy assignment. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | Policy Assignment Name. | diff --git a/modules/authorization/policy-assignment/subscription/main.json b/modules/authorization/policy-assignment/subscription/main.json index 24a4662eca..5d6deb533a 100644 --- a/modules/authorization/policy-assignment/subscription/main.json +++ b/modules/authorization/policy-assignment/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13568773713405945676" + "version": "0.22.6.54827", + "templateHash": "1296030047986147440" }, "name": "Policy Assignments (Subscription scope)", "description": "This module deploys a Policy Assignment at a Subscription scope.", diff --git a/modules/authorization/policy-definition/README.md b/modules/authorization/policy-definition/README.md index eea97f4ec3..fd75694735 100644 --- a/modules/authorization/policy-definition/README.md +++ b/modules/authorization/policy-definition/README.md @@ -4,70 +4,41 @@ This module deploys a Policy Definition at a Management Group or Subscription sc ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policyDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | -| `subscriptionId` | string | `''` | | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Definition Name. | -| `resourceId` | string | Policy Definition resource ID. | -| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. | - -## Cross-referenced modules - -_None_ +## Usage examples -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-definition:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Sub.Common](#example-3-subcommon) +- [Sub.Min](#example-4-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdmgcom' params: { // Required parameters @@ -215,14 +186,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdmgmin' params: { // Required parameters @@ -308,14 +279,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 3: Sub.Common

+### Example 3: _Sub.Common_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdsubcom' params: { // Required parameters @@ -463,14 +434,14 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

-

Example 4: Sub.Min

+### Example 4: _Sub.Min_
via Bicep module ```bicep -module policyDefinition './authorization/policy-definition/main.bicep' = { +module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apdsubmin' params: { // Required parameters @@ -557,6 +528,118 @@ module policyDefinition './authorization/policy-definition/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object + +### Parameter: `subscriptionId` + +The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Definition Name. | +| `resourceId` | string | Policy Definition resource ID. | +| `roleDefinitionIds` | array | Policy Definition Role Definition IDs. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-definition/main.json b/modules/authorization/policy-definition/main.json index 2d366af87f..0667382c4a 100644 --- a/modules/authorization/policy-definition/main.json +++ b/modules/authorization/policy-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15749498802750084340" + "version": "0.22.6.54827", + "templateHash": "12398926446776214850" }, "name": "Policy Definitions (All scopes)", "description": "This module deploys a Policy Definition at a Management Group or Subscription scope.", @@ -156,8 +156,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17859945353406314149" + "version": "0.22.6.54827", + "templateHash": "3632302304949681871" }, "name": "Policy Definitions (Management Group scope)", "description": "This module deploys a Policy Definition at a Management Group scope.", @@ -332,8 +332,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7453988849629465072" + "version": "0.22.6.54827", + "templateHash": "15610043692526006499" }, "name": "Policy Definitions (Subscription scope)", "description": "This module deploys a Policy Definition at a Subscription scope.", diff --git a/modules/authorization/policy-definition/management-group/README.md b/modules/authorization/policy-definition/management-group/README.md index 01780427c6..d09b6aad3e 100644 --- a/modules/authorization/policy-definition/management-group/README.md +++ b/modules/authorization/policy-definition/management-group/README.md @@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Definition Name. | | `resourceId` | string | Policy Definition resource ID. | diff --git a/modules/authorization/policy-definition/management-group/main.json b/modules/authorization/policy-definition/management-group/main.json index c1d82a9803..0c99261e72 100644 --- a/modules/authorization/policy-definition/management-group/main.json +++ b/modules/authorization/policy-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14890815799488372081" + "version": "0.22.6.54827", + "templateHash": "3632302304949681871" }, "name": "Policy Definitions (Management Group scope)", "description": "This module deploys a Policy Definition at a Management Group scope.", diff --git a/modules/authorization/policy-definition/subscription/README.md b/modules/authorization/policy-definition/subscription/README.md index 2557236387..acb2ee448d 100644 --- a/modules/authorization/policy-definition/subscription/README.md +++ b/modules/authorization/policy-definition/subscription/README.md @@ -19,27 +19,89 @@ This module deploys a Policy Definition at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy definition. Maximum length is 64 characters. | -| `policyRule` | object | The Policy Rule details for the Policy Definition. | +| [`name`](#parameter-name) | string | Specifies the name of the policy definition. Maximum length is 64 characters. | +| [`policyRule`](#parameter-policyrule) | object | The Policy Rule details for the Policy Definition. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `description` | string | `''` | | The policy definition description. | -| `displayName` | string | `''` | | The display name of the policy definition. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `mode` | string | `'All'` | `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | -| `parameters` | object | `{object}` | | The policy definition parameters that can be used in policy definition references. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The policy definition description. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy definition. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | +| [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | + +### Parameter: `description` + +The policy definition description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy definition. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `mode` + +The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Indexed, Microsoft.ContainerService.Data, Microsoft.KeyVault.Data, Microsoft.Kubernetes.Data, Microsoft.Network.Data]` + +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The policy definition parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. +- Required: Yes +- Type: object ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Definition Name. | | `resourceId` | string | Policy Definition resource ID. | diff --git a/modules/authorization/policy-definition/subscription/main.json b/modules/authorization/policy-definition/subscription/main.json index 9d45f6df13..d765d1b498 100644 --- a/modules/authorization/policy-definition/subscription/main.json +++ b/modules/authorization/policy-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "14434059777291440353" + "version": "0.22.6.54827", + "templateHash": "15610043692526006499" }, "name": "Policy Definitions (Subscription scope)", "description": "This module deploys a Policy Definition at a Subscription scope.", diff --git a/modules/authorization/policy-exemption/README.md b/modules/authorization/policy-exemption/README.md index 50aeb359a3..948638c525 100644 --- a/modules/authorization/policy-exemption/README.md +++ b/modules/authorization/policy-exemption/README.md @@ -4,74 +4,43 @@ This module deploys a Policy Exemption at a Management Group, Subscription or Re ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policyExemptions` | [2022-07-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-07-01-preview/policyExemptions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceGroupName` | string | `''` | | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | -| `subscriptionId` | string | `''` | | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Exemption Name. | -| `resourceId` | string | Policy Exemption resource ID. | -| `scope` | string | Policy Exemption Scope. | - -## Cross-referenced modules - -_None_ - -## Deployment examples +## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-exemption:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apemgcom' params: { // Required parameters @@ -177,14 +146,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apemgmin' params: { // Required parameters @@ -226,14 +195,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apergcom' params: { // Required parameters @@ -339,14 +308,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apergmin' params: { // Required parameters @@ -388,14 +357,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apesubcom' params: { // Required parameters @@ -501,14 +470,14 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module policyExemption './authorization/policy-exemption/main.bicep' = { +module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apesubmin' params: { // Required parameters @@ -551,6 +520,151 @@ module policyExemption './authorization/policy-exemption/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `subscriptionId` + +The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Exemption Name. | +| `resourceId` | string | Policy Exemption resource ID. | +| `scope` | string | Policy Exemption Scope. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-exemption/main.json b/modules/authorization/policy-exemption/main.json index a870d46d9b..37bb291bf4 100644 --- a/modules/authorization/policy-exemption/main.json +++ b/modules/authorization/policy-exemption/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7537469788100455482" + "version": "0.22.6.54827", + "templateHash": "5596643679633132129" }, "name": "Policy Exemptions (All scopes)", "description": "This module deploys a Policy Exemption at a Management Group, Subscription or Resource Group scope.", @@ -202,8 +202,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "5811278633353778987" + "version": "0.22.6.54827", + "templateHash": "5606667569084267633" }, "name": "Policy Exemptions (Management Group scope)", "description": "This module deploys a Policy Exemption at a Management Group scope.", @@ -413,8 +413,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16790622898117117515" + "version": "0.22.6.54827", + "templateHash": "10613705515536903891" }, "name": "Policy Exemptions (Subscription scope)", "description": "This module deploys a Policy Exemption at a Subscription scope.", @@ -621,8 +621,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15066914920145194393" + "version": "0.22.6.54827", + "templateHash": "17689607806582642174" }, "name": "Policy Exemptions (Resource Group scope)", "description": "This module deploys a Policy Exemption at a Resource Group scope.", diff --git a/modules/authorization/policy-exemption/management-group/README.md b/modules/authorization/policy-exemption/management-group/README.md index 1bfb787eab..7cca1936a3 100644 --- a/modules/authorization/policy-exemption/management-group/README.md +++ b/modules/authorization/policy-exemption/management-group/README.md @@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy assignment. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy assignment. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy assignment. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceId` | string | Policy Exemption resource ID. | diff --git a/modules/authorization/policy-exemption/management-group/main.json b/modules/authorization/policy-exemption/management-group/main.json index 9d9e463ba8..8271a1ee56 100644 --- a/modules/authorization/policy-exemption/management-group/main.json +++ b/modules/authorization/policy-exemption/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17592627855612646241" + "version": "0.22.6.54827", + "templateHash": "5606667569084267633" }, "name": "Policy Exemptions (Management Group scope)", "description": "This module deploys a Policy Exemption at a Management Group scope.", diff --git a/modules/authorization/policy-exemption/resource-group/README.md b/modules/authorization/policy-exemption/resource-group/README.md index 7fd6faa68a..cc3f54c9b9 100644 --- a/modules/authorization/policy-exemption/resource-group/README.md +++ b/modules/authorization/policy-exemption/resource-group/README.md @@ -19,29 +19,106 @@ This module deploys a Policy Exemption at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceGroupName` | string | The name of the resource group the policy exemption was applied at. | diff --git a/modules/authorization/policy-exemption/resource-group/main.json b/modules/authorization/policy-exemption/resource-group/main.json index f9d5590f54..8672a1ff5d 100644 --- a/modules/authorization/policy-exemption/resource-group/main.json +++ b/modules/authorization/policy-exemption/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13048294777047698866" + "version": "0.22.6.54827", + "templateHash": "17689607806582642174" }, "name": "Policy Exemptions (Resource Group scope)", "description": "This module deploys a Policy Exemption at a Resource Group scope.", diff --git a/modules/authorization/policy-exemption/subscription/README.md b/modules/authorization/policy-exemption/subscription/README.md index 82e45d2349..8094b8371f 100644 --- a/modules/authorization/policy-exemption/subscription/README.md +++ b/modules/authorization/policy-exemption/subscription/README.md @@ -19,30 +19,114 @@ This module deploys a Policy Exemption at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | -| `policyAssignmentId` | string | The resource ID of the policy assignment that is being exempted. | +| [`name`](#parameter-name) | string | Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. | +| [`policyAssignmentId`](#parameter-policyassignmentid) | string | The resource ID of the policy assignment that is being exempted. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `assignmentScopeValidation` | string | `''` | `['', Default, DoNotValidate]` | The option whether validate the exemption is at or under the assignment scope. | -| `description` | string | `''` | | The description of the policy exemption. | -| `displayName` | string | `''` | | The display name of the policy exemption. Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `exemptionCategory` | string | `'Mitigated'` | `[Mitigated, Waiver]` | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | -| `expiresOn` | string | `''` | | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `metadata` | object | `{object}` | | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `policyDefinitionReferenceIds` | array | `[]` | | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | -| `resourceSelectors` | array | `[]` | | The resource selector list to filter policies by resource properties. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`assignmentScopeValidation`](#parameter-assignmentscopevalidation) | string | The option whether validate the exemption is at or under the assignment scope. | +| [`description`](#parameter-description) | string | The description of the policy exemption. | +| [`displayName`](#parameter-displayname) | string | The display name of the policy exemption. Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`exemptionCategory`](#parameter-exemptioncategory) | string | The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. | +| [`expiresOn`](#parameter-expireson) | string | The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | +| [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | + +### Parameter: `assignmentScopeValidation` + +The option whether validate the exemption is at or under the assignment scope. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Default, DoNotValidate]` + +### Parameter: `description` + +The description of the policy exemption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the policy exemption. Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `exemptionCategory` + +The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. +- Required: No +- Type: string +- Default: `'Mitigated'` +- Allowed: `[Mitigated, Waiver]` + +### Parameter: `expiresOn` + +The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionReferenceIds` + +The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceSelectors` + +The resource selector list to filter policies by resource properties. +- Required: No +- Type: array +- Default: `[]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Exemption Name. | | `resourceId` | string | Policy Exemption resource ID. | diff --git a/modules/authorization/policy-exemption/subscription/main.json b/modules/authorization/policy-exemption/subscription/main.json index 2418e1af36..b9bce72b18 100644 --- a/modules/authorization/policy-exemption/subscription/main.json +++ b/modules/authorization/policy-exemption/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5067037150154630010" + "version": "0.22.6.54827", + "templateHash": "10613705515536903891" }, "name": "Policy Exemptions (Subscription scope)", "description": "This module deploys a Policy Exemption at a Subscription scope.", diff --git a/modules/authorization/policy-set-definition/README.md b/modules/authorization/policy-set-definition/README.md index aba3a1620c..1022488350 100644 --- a/modules/authorization/policy-set-definition/README.md +++ b/modules/authorization/policy-set-definition/README.md @@ -4,69 +4,41 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group o ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/policySetDefinitions` | [2021-06-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2021-06-01/policySetDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | -| `subscriptionId` | string | `''` | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Policy Set Definition Name. | -| `resourceId` | string | Policy Set Definition resource ID. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.policy-set-definition:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Sub.Common](#example-3-subcommon) +- [Sub.Min](#example-4-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdmgcom' params: { // Required parameters @@ -202,14 +174,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdmgmin' params: { // Required parameters @@ -273,14 +245,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 3: Sub.Common

+### Example 3: _Sub.Common_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdsubcom' params: { // Required parameters @@ -416,14 +388,14 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

-

Example 4: Sub.Min

+### Example 4: _Sub.Min_
via Bicep module ```bicep -module policySetDefinition './authorization/policy-set-definition/main.bicep' = { +module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-apsdsubmin' params: { // Required parameters @@ -488,6 +460,116 @@ module policySetDefinition './authorization/policy-set-definition/main.bicep' =

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array + +### Parameter: `subscriptionId` + +The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | Policy Set Definition Name. | +| `resourceId` | string | Policy Set Definition resource ID. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/policy-set-definition/main.json b/modules/authorization/policy-set-definition/main.json index 4416cb72bf..d0051bf41a 100644 --- a/modules/authorization/policy-set-definition/main.json +++ b/modules/authorization/policy-set-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1831706179623308969" + "version": "0.22.6.54827", + "templateHash": "9153336425223705834" }, "name": "Policy Set Definitions (Initiatives) (All scopes)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group or Subscription scope.", @@ -146,8 +146,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9278231745561513332" + "version": "0.22.6.54827", + "templateHash": "13574874097410910980" }, "name": "Policy Set Definitions (Initiatives) (Management Group scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.", @@ -305,8 +305,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "3357776167220688626" + "version": "0.22.6.54827", + "templateHash": "566743094418434146" }, "name": "Policy Set Definitions (Initiatives) (Subscription scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.", diff --git a/modules/authorization/policy-set-definition/management-group/README.md b/modules/authorization/policy-set-definition/management-group/README.md index 40de7bcd60..6e0a971597 100644 --- a/modules/authorization/policy-set-definition/management-group/README.md +++ b/modules/authorization/policy-set-definition/management-group/README.md @@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group s **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Set Definition Name. | | `resourceId` | string | Policy Set Definition resource ID. | diff --git a/modules/authorization/policy-set-definition/management-group/main.json b/modules/authorization/policy-set-definition/management-group/main.json index baa439be6e..9b627357b6 100644 --- a/modules/authorization/policy-set-definition/management-group/main.json +++ b/modules/authorization/policy-set-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1638152228410583836" + "version": "0.22.6.54827", + "templateHash": "13574874097410910980" }, "name": "Policy Set Definitions (Initiatives) (Management Group scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Management Group scope.", diff --git a/modules/authorization/policy-set-definition/subscription/README.md b/modules/authorization/policy-set-definition/subscription/README.md index 64b2597fe0..8b0f87ad46 100644 --- a/modules/authorization/policy-set-definition/subscription/README.md +++ b/modules/authorization/policy-set-definition/subscription/README.md @@ -19,27 +19,88 @@ This module deploys a Policy Set Definition (Initiative) at a Subscription scope **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | -| `policyDefinitions` | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | +| [`name`](#parameter-name) | string | Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. | +| [`policyDefinitions`](#parameter-policydefinitions) | array | The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description name of the Set Definition (Initiative). | -| `displayName` | string | `''` | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `metadata` | object | `{object}` | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | -| `parameters` | object | `{object}` | The Set Definition (Initiative) parameters that can be used in policy definition references. | -| `policyDefinitionGroups` | array | `[]` | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description name of the Set Definition (Initiative). | +| [`displayName`](#parameter-displayname) | string | The display name of the Set Definition (Initiative). Maximum length is 128 characters. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`metadata`](#parameter-metadata) | object | The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. | +| [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | +| [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | + +### Parameter: `description` + +The description name of the Set Definition (Initiative). +- Required: No +- Type: string +- Default: `''` + +### Parameter: `displayName` + +The display name of the Set Definition (Initiative). Maximum length is 128 characters. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `metadata` + +The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. +- Required: Yes +- Type: string + +### Parameter: `parameters` + +The Set Definition (Initiative) parameters that can be used in policy definition references. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `policyDefinitionGroups` + +The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. +- Required: Yes +- Type: array ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | Policy Set Definition Name. | | `resourceId` | string | Policy Set Definition resource ID. | diff --git a/modules/authorization/policy-set-definition/subscription/main.json b/modules/authorization/policy-set-definition/subscription/main.json index 430128e583..4f8ea43907 100644 --- a/modules/authorization/policy-set-definition/subscription/main.json +++ b/modules/authorization/policy-set-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "8864751360907211482" + "version": "0.22.6.54827", + "templateHash": "566743094418434146" }, "name": "Policy Set Definitions (Initiatives) (Subscription scope)", "description": "This module deploys a Policy Set Definition (Initiative) at a Subscription scope.", diff --git a/modules/authorization/role-assignment/README.md b/modules/authorization/role-assignment/README.md index 005701544c..6db1e43c7f 100644 --- a/modules/authorization/role-assignment/README.md +++ b/modules/authorization/role-assignment/README.md @@ -4,71 +4,43 @@ This module deploys a Role Assignment at a Management Group, Subscription or Res ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `resourceGroupName` | string | `''` | | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. | -| `subscriptionId` | string | `''` | | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The GUID of the Role Assignment. | -| `resourceId` | string | The resource ID of the Role Assignment. | -| `scope` | string | The scope this Role Assignment applies to. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-assignment:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-aramgcom' params: { // Required parameters @@ -122,14 +94,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-aramgmin' params: { // Required parameters @@ -175,14 +147,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arargcom' params: { // Required parameters @@ -240,14 +212,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arargmin' params: { // Required parameters @@ -301,14 +273,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arasubcom' params: { // Required parameters @@ -362,14 +334,14 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module roleAssignment './authorization/role-assignment/main.bicep' = { +module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { name: '${uniqueString(deployment().name)}-test-arasubmin' params: { // Required parameters @@ -420,6 +392,127 @@ module roleAssignment './authorization/role-assignment/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The GUID of the Role Assignment. | +| `resourceId` | string | The resource ID of the Role Assignment. | +| `scope` | string | The scope this Role Assignment applies to. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/role-assignment/main.json b/modules/authorization/role-assignment/main.json index 23f3d4897d..0cf8880ab7 100644 --- a/modules/authorization/role-assignment/main.json +++ b/modules/authorization/role-assignment/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14335081108343042206" + "version": "0.22.6.54827", + "templateHash": "807341397297135440" }, "name": "Role Assignments (All scopes)", "description": "This module deploys a Role Assignment at a Management Group, Subscription or Resource Group scope.", @@ -167,8 +167,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6412111068130570787" + "version": "0.22.6.54827", + "templateHash": "3058280694250439865" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", @@ -756,8 +756,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "15330444935750176887" + "version": "0.22.6.54827", + "templateHash": "1741591761510469286" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", @@ -1345,8 +1345,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11095586144343595797" + "version": "0.22.6.54827", + "templateHash": "13714993030578518060" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", diff --git a/modules/authorization/role-assignment/management-group/README.md b/modules/authorization/role-assignment/management-group/README.md index 911ac2c8e6..2166992af8 100644 --- a/modules/authorization/role-assignment/management-group/README.md +++ b/modules/authorization/role-assignment/management-group/README.md @@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceId` | string | The resource ID of the Role Assignment. | diff --git a/modules/authorization/role-assignment/management-group/main.json b/modules/authorization/role-assignment/management-group/main.json index 5356f24b6f..c7695ece43 100644 --- a/modules/authorization/role-assignment/management-group/main.json +++ b/modules/authorization/role-assignment/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5116103670131987468" + "version": "0.22.6.54827", + "templateHash": "3058280694250439865" }, "name": "Role Assignments (Management Group scope)", "description": "This module deploys a Role Assignment at a Management Group scope.", diff --git a/modules/authorization/role-assignment/resource-group/README.md b/modules/authorization/role-assignment/resource-group/README.md index a2cd0959a5..3699890e4a 100644 --- a/modules/authorization/role-assignment/resource-group/README.md +++ b/modules/authorization/role-assignment/resource-group/README.md @@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `resourceGroupName` | string | `[resourceGroup().name]` | | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `resourceGroupName` + +Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceGroupName` | string | The name of the resource group the role assignment was applied at. | diff --git a/modules/authorization/role-assignment/resource-group/main.json b/modules/authorization/role-assignment/resource-group/main.json index 056f28f034..3ce0469854 100644 --- a/modules/authorization/role-assignment/resource-group/main.json +++ b/modules/authorization/role-assignment/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "1439450089488966223" + "version": "0.22.6.54827", + "templateHash": "13714993030578518060" }, "name": "Role Assignments (Resource Group scope)", "description": "This module deploys a Role Assignment at a Resource Group scope.", diff --git a/modules/authorization/role-assignment/subscription/README.md b/modules/authorization/role-assignment/subscription/README.md index 58b5d059a4..cf374e9f4d 100644 --- a/modules/authorization/role-assignment/subscription/README.md +++ b/modules/authorization/role-assignment/subscription/README.md @@ -19,28 +19,98 @@ This module deploys a Role Assignment at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `principalId` | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | -| `roleDefinitionIdOrName` | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`principalId`](#parameter-principalid) | string | The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). | +| [`roleDefinitionIdOrName`](#parameter-roledefinitionidorname) | string | You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `condition` | string | `''` | | The conditions on the role assignment. This limits the resources it can be assigned to. | -| `conditionVersion` | string | `'2.0'` | `[2.0]` | Version of the condition. Currently accepted value is "2.0". | -| `delegatedManagedIdentityResourceId` | string | `''` | | ID of the delegated managed identity resource. | -| `description` | string | `''` | | The description of the role assignment. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | | Location deployment metadata. | -| `principalType` | string | `''` | `['', Device, ForeignGroup, Group, ServicePrincipal, User]` | The principal type of the assigned principal ID. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-condition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. | +| [`conditionVersion`](#parameter-conditionversion) | string | Version of the condition. Currently accepted value is "2.0". | +| [`delegatedManagedIdentityResourceId`](#parameter-delegatedmanagedidentityresourceid) | string | ID of the delegated managed identity resource. | +| [`description`](#parameter-description) | string | The description of the role assignment. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +| [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | + +### Parameter: `condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `conditionVersion` + +Version of the condition. Currently accepted value is "2.0". +- Required: No +- Type: string +- Default: `'2.0'` +- Allowed: `[2.0]` + +### Parameter: `delegatedManagedIdentityResourceId` + +ID of the delegated managed identity resource. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `description` + +The description of the role assignment. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). +- Required: Yes +- Type: string + +### Parameter: `principalType` + +The principal type of the assigned principal ID. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Device, ForeignGroup, Group, ServicePrincipal, User]` + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Assignment. | | `resourceId` | string | The resource ID of the Role Assignment. | diff --git a/modules/authorization/role-assignment/subscription/main.json b/modules/authorization/role-assignment/subscription/main.json index 751db130ed..12889ef5e5 100644 --- a/modules/authorization/role-assignment/subscription/main.json +++ b/modules/authorization/role-assignment/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "318736480892502738" + "version": "0.22.6.54827", + "templateHash": "1741591761510469286" }, "name": "Role Assignments (Subscription scope)", "description": "This module deploys a Role Assignment at a Subscription scope.", diff --git a/modules/authorization/role-definition/README.md b/modules/authorization/role-definition/README.md index 35163be1ba..e0cb4fe512 100644 --- a/modules/authorization/role-definition/README.md +++ b/modules/authorization/role-definition/README.md @@ -4,71 +4,43 @@ This module deploys a Role Definition at a Management Group, Subscription or Res ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleDefinitions` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleDefinitions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `resourceGroupName` | string | `''` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | -| `subscriptionId` | string | `''` | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The GUID of the Role Definition. | -| `resourceId` | string | The resource ID of the Role Definition. | -| `scope` | string | The scope this Role Definition applies to. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Mg.Common

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.role-definition:1.0.0`. + +- [Mg.Common](#example-1-mgcommon) +- [Mg.Min](#example-2-mgmin) +- [Rg.Common](#example-3-rgcommon) +- [Rg.Min](#example-4-rgmin) +- [Sub.Common](#example-5-subcommon) +- [Sub.Min](#example-6-submin) + +### Example 1: _Mg.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardmgcom' params: { // Required parameters @@ -140,14 +112,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 2: Mg.Min

+### Example 2: _Mg.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardmgmin' params: { // Required parameters @@ -195,14 +167,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 3: Rg.Common

+### Example 3: _Rg.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardrgcom' params: { // Required parameters @@ -290,14 +262,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 4: Rg.Min

+### Example 4: _Rg.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardrgmin' params: { // Required parameters @@ -345,14 +317,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 5: Sub.Common

+### Example 5: _Sub.Common_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardsubcom' params: { // Required parameters @@ -440,14 +412,14 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

-

Example 6: Sub.Min

+### Example 6: _Sub.Min_
via Bicep module ```bicep -module roleDefinition './authorization/role-definition/main.bicep' = { +module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { name: '${uniqueString(deployment().name)}-test-ardsubmin' params: { // Required parameters @@ -500,6 +472,126 @@ module roleDefinition './authorization/role-definition/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the Resource Group where the Role Definition and Target Scope will be applied to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. +- Required: No +- Type: string +- Default: `''` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `name` | string | The GUID of the Role Definition. | +| `resourceId` | string | The resource ID of the Role Definition. | +| `scope` | string | The scope this Role Definition applies to. | + +## Cross-referenced modules + +_None_ + ## Notes ### Module Usage Guidance diff --git a/modules/authorization/role-definition/main.json b/modules/authorization/role-definition/main.json index cf31e78348..51ac23254d 100644 --- a/modules/authorization/role-definition/main.json +++ b/modules/authorization/role-definition/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "18292113724809460809" + "version": "0.22.6.54827", + "templateHash": "16702773762135222765" }, "name": "Role Definitions (All scopes)", "description": "This module deploys a Role Definition at a Management Group, Subscription or Resource Group scope.", @@ -151,8 +151,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "1388091612585738122" + "version": "0.22.6.54827", + "templateHash": "5277764931156995532" }, "name": "Role Definitions (Management Group scope)", "description": "This module deploys a Role Definition at a Management Group scope.", @@ -313,8 +313,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "11994641933581262080" + "version": "0.22.6.54827", + "templateHash": "5911596219403447648" }, "name": "Role Definitions (Subscription scope)", "description": "This module deploys a Role Definition at a Subscription scope.", @@ -491,8 +491,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "51591651981484766" + "version": "0.22.6.54827", + "templateHash": "15123790149450958610" }, "name": "Role Definitions (Resource Group scope)", "description": "This module deploys a Role Definition at a Resource Group scope.", diff --git a/modules/authorization/role-definition/management-group/README.md b/modules/authorization/role-definition/management-group/README.md index 02a11b45bc..e892466ced 100644 --- a/modules/authorization/role-definition/management-group/README.md +++ b/modules/authorization/role-definition/management-group/README.md @@ -19,26 +19,81 @@ This module deploys a Role Definition at a Management Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `managementGroupId` | string | `[managementGroup().name]` | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `notActions` | array | `[]` | List of denied actions. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `managementGroupId` + +The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[managementGroup().name]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | diff --git a/modules/authorization/role-definition/management-group/main.json b/modules/authorization/role-definition/management-group/main.json index cc28a185f9..00d197b4e8 100644 --- a/modules/authorization/role-definition/management-group/main.json +++ b/modules/authorization/role-definition/management-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "15321014984642305644" + "version": "0.22.6.54827", + "templateHash": "5277764931156995532" }, "name": "Role Definitions (Management Group scope)", "description": "This module deploys a Role Definition at a Management Group scope.", diff --git a/modules/authorization/role-definition/resource-group/README.md b/modules/authorization/role-definition/resource-group/README.md index 924c4eb112..1e5da9a0d7 100644 --- a/modules/authorization/role-definition/resource-group/README.md +++ b/modules/authorization/role-definition/resource-group/README.md @@ -19,28 +19,97 @@ This module deploys a Role Definition at a Resource Group scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `resourceGroupName` | string | `[resourceGroup().name]` | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `resourceGroupName` + +The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[resourceGroup().name]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceGroupName` | string | The name of the resource group the role definition was created at. | diff --git a/modules/authorization/role-definition/resource-group/main.json b/modules/authorization/role-definition/resource-group/main.json index 734ae5e18c..c10d685cc7 100644 --- a/modules/authorization/role-definition/resource-group/main.json +++ b/modules/authorization/role-definition/resource-group/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "13735806028928031798" + "version": "0.22.6.54827", + "templateHash": "15123790149450958610" }, "name": "Role Definitions (Resource Group scope)", "description": "This module deploys a Role Definition at a Resource Group scope.", diff --git a/modules/authorization/role-definition/subscription/README.md b/modules/authorization/role-definition/subscription/README.md index 3bbd9894b0..e0f96a3894 100644 --- a/modules/authorization/role-definition/subscription/README.md +++ b/modules/authorization/role-definition/subscription/README.md @@ -19,28 +19,97 @@ This module deploys a Role Definition at a Subscription scope. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `roleName` | string | Name of the custom RBAC role to be created. | +| [`roleName`](#parameter-rolename) | string | Name of the custom RBAC role to be created. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `actions` | array | `[]` | List of allowed actions. | -| `assignableScopes` | array | `[]` | Role definition assignable scopes. If not provided, will use the current scope provided. | -| `dataActions` | array | `[]` | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `description` | string | `''` | Description of the custom RBAC role to be created. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[deployment().location]` | Location deployment metadata. | -| `notActions` | array | `[]` | List of denied actions. | -| `notDataActions` | array | `[]` | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | -| `subscriptionId` | string | `[subscription().subscriptionId]` | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`actions`](#parameter-actions) | array | List of allowed actions. | +| [`assignableScopes`](#parameter-assignablescopes) | array | Role definition assignable scopes. If not provided, will use the current scope provided. | +| [`dataActions`](#parameter-dataactions) | array | List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`description`](#parameter-description) | string | Description of the custom RBAC role to be created. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location deployment metadata. | +| [`notActions`](#parameter-notactions) | array | List of denied actions. | +| [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | +| [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | + +### Parameter: `actions` + +List of allowed actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `assignableScopes` + +Role definition assignable scopes. If not provided, will use the current scope provided. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `dataActions` + +List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `description` + +Description of the custom RBAC role to be created. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. +- Required: No +- Type: string +- Default: `[deployment().location]` + +### Parameter: `notActions` + +List of denied actions. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `notDataActions` + +List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleName` + +Name of the custom RBAC role to be created. +- Required: Yes +- Type: string + +### Parameter: `subscriptionId` + +The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. +- Required: No +- Type: string +- Default: `[subscription().subscriptionId]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The GUID of the Role Definition. | | `resourceId` | string | The resource ID of the Role Definition. | diff --git a/modules/authorization/role-definition/subscription/main.json b/modules/authorization/role-definition/subscription/main.json index 13af925166..ab79f1d69a 100644 --- a/modules/authorization/role-definition/subscription/main.json +++ b/modules/authorization/role-definition/subscription/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "9532889033437004469" + "version": "0.22.6.54827", + "templateHash": "5911596219403447648" }, "name": "Role Definitions (Subscription scope)", "description": "This module deploys a Role Definition at a Subscription scope.", diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep index 2efb5d1f6e..7baf4a71e8 100644 --- a/modules/automation/automation-account/.test/common/main.test.bicep +++ b/modules/automation/automation-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/automation/automation-account/.test/min/main.test.bicep b/modules/automation/automation-account/.test/min/main.test.bicep index 85372aede7..17dcbd734b 100644 --- a/modules/automation/automation-account/.test/min/main.test.bicep +++ b/modules/automation/automation-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 92619970e8..e96f321154 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -5,10 +5,10 @@ This module deploys an Azure Automation Account. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -29,90 +29,30 @@ This module deploys an Azure Automation Account. | `Microsoft.OperationalInsights/workspaces/linkedServices` | [2020-08-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationalInsights/2020-08-01/workspaces/linkedServices) | | `Microsoft.OperationsManagement/solutions` | [2015-11-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.OperationsManagement/2015-11-01-preview/solutions) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Automation Account. | - -**Conditional parameters** +## Usage examples -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `cMKUserAssignedIdentityResourceId` | string | `''` | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `disableLocalAuth` | bool | `True` | | Disable local authentication profile used within the resource. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `gallerySolutions` | array | `[]` | | List of gallerySolutions to be created in the linked log analytics workspace. | -| `jobSchedules` | array | `[]` | | List of jobSchedules to be created in the automation account. | -| `linkedWorkspaceResourceId` | string | `''` | | ID of the log analytics workspace to be linked to the deployed automation account. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `modules` | array | `[]` | | List of modules to be created in the automation account. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `runbooks` | array | `[]` | | List of runbooks to be created in the automation account. | -| `schedules` | array | `[]` | | List of schedules to be created in the automation account. | -| `skuName` | string | `'Basic'` | `[Basic, Free]` | SKU name of the account. | -| `softwareUpdateConfigurations` | array | `[]` | | List of softwareUpdateConfigurations to be created in the automation account. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the Automation Account resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `variables` | array | `[]` | | List of variables to be created in the automation account. | - - -## Outputs +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the deployed automation account. | -| `resourceGroupName` | string | The resource group of the deployed automation account. | -| `resourceId` | string | The resource ID of the deployed automation account. | -| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/automation.automation-account:1.0.0`. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +- [Using only defaults](#example-1-using-only-defaults) +- [Encr](#example-2-encr) +- [Using Maximum Parameters](#example-3-using-maximum-parameters) -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | -| `operational-insights/workspace/linked-service` | Local reference | -| `operations-management/solution` | Local reference | +### Example 1: _Using only defaults_ -## Deployment examples +This instance deploys the module with the minimum set of required parameters. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aacom' params: { // Required parameters @@ -548,14 +488,14 @@ module automationAccount './automation/automation-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aaencr' params: { // Required parameters @@ -613,14 +553,17 @@ module automationAccount './automation/automation-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module automationAccount './automation/automation-account/main.bicep' = { +module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-aamin' params: { // Required parameters @@ -657,3 +600,288 @@ module automationAccount './automation/automation-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`cMKUserAssignedIdentityResourceId`](#parameter-cmkuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`disableLocalAuth`](#parameter-disablelocalauth) | bool | Disable local authentication profile used within the resource. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`gallerySolutions`](#parameter-gallerysolutions) | array | List of gallerySolutions to be created in the linked log analytics workspace. | +| [`jobSchedules`](#parameter-jobschedules) | array | List of jobSchedules to be created in the automation account. | +| [`linkedWorkspaceResourceId`](#parameter-linkedworkspaceresourceid) | string | ID of the log analytics workspace to be linked to the deployed automation account. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`modules`](#parameter-modules) | array | List of modules to be created in the automation account. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`runbooks`](#parameter-runbooks) | array | List of runbooks to be created in the automation account. | +| [`schedules`](#parameter-schedules) | array | List of schedules to be created in the automation account. | +| [`skuName`](#parameter-skuname) | string | SKU name of the account. | +| [`softwareUpdateConfigurations`](#parameter-softwareupdateconfigurations) | array | List of softwareUpdateConfigurations to be created in the automation account. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`variables`](#parameter-variables) | array | List of variables to be created in the automation account. | + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKUserAssignedIdentityResourceId` + +User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, DscNodeStatus, JobLogs, JobStreams]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `disableLocalAuth` + +Disable local authentication profile used within the resource. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gallerySolutions` + +List of gallerySolutions to be created in the linked log analytics workspace. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `jobSchedules` + +List of jobSchedules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `linkedWorkspaceResourceId` + +ID of the log analytics workspace to be linked to the deployed automation account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `modules` + +List of modules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +Name of the Automation Account. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `runbooks` + +List of runbooks to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `schedules` + +List of schedules to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +SKU name of the account. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Free]` + +### Parameter: `softwareUpdateConfigurations` + +List of softwareUpdateConfigurations to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `variables` + +List of variables to be created in the automation account. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the deployed automation account. | +| `resourceGroupName` | string | The resource group of the deployed automation account. | +| `resourceId` | string | The resource ID of the deployed automation account. | +| `systemAssignedPrincipalId` | string | The principal ID of the system assigned identity. | + +## Cross-referenced modules + +_None_ diff --git a/modules/automation/automation-account/job-schedule/README.md b/modules/automation/automation-account/job-schedule/README.md index d5f88fc047..57460c8123 100644 --- a/modules/automation/automation-account/job-schedule/README.md +++ b/modules/automation/automation-account/job-schedule/README.md @@ -19,35 +19,81 @@ This module deploys an Azure Automation Account Job Schedule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `runbookName` | string | The runbook property associated with the entity. | -| `scheduleName` | string | The schedule property associated with the entity. | +| [`runbookName`](#parameter-runbookname) | string | The runbook property associated with the entity. | +| [`scheduleName`](#parameter-schedulename) | string | The schedule property associated with the entity. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `parameters` | object | `{object}` | List of job properties. | -| `runOn` | string | `''` | The hybrid worker group that the scheduled job should run on. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`parameters`](#parameter-parameters) | object | List of job properties. | +| [`runOn`](#parameter-runon) | string | The hybrid worker group that the scheduled job should run on. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | `[newGuid()]` | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. +- Required: No +- Type: string +- Default: `[newGuid()]` + +### Parameter: `parameters` + +List of job properties. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `runbookName` + +The runbook property associated with the entity. +- Required: Yes +- Type: string + +### Parameter: `runOn` + +The hybrid worker group that the scheduled job should run on. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scheduleName` + +The schedule property associated with the entity. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed job schedule. | | `resourceGroupName` | string | The resource group of the deployed job schedule. | diff --git a/modules/automation/automation-account/job-schedule/main.json b/modules/automation/automation-account/job-schedule/main.json index 5fee90a026..bb8ec2e35b 100644 --- a/modules/automation/automation-account/job-schedule/main.json +++ b/modules/automation/automation-account/job-schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12038142052110102548" + "version": "0.22.6.54827", + "templateHash": "7560418296837405700" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", diff --git a/modules/automation/automation-account/main.json b/modules/automation/automation-account/main.json index 413b25d49a..e99ac28588 100644 --- a/modules/automation/automation-account/main.json +++ b/modules/automation/automation-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "715583337826412599" + "version": "0.22.6.54827", + "templateHash": "14616774767362362836" }, "name": "Automation Accounts", "description": "This module deploys an Azure Automation Account.", @@ -387,8 +387,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "6993581259043167782" + "version": "0.22.6.54827", + "templateHash": "15709477569881004771" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", @@ -544,8 +544,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14615504958276169101" + "version": "0.22.6.54827", + "templateHash": "4119330639685982378" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", @@ -740,8 +740,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14475542689236047442" + "version": "0.22.6.54827", + "templateHash": "18248893160569507204" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", @@ -945,8 +945,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "12703294720660038691" + "version": "0.22.6.54827", + "templateHash": "7560418296837405700" }, "name": "Automation Account Job Schedules", "description": "This module deploys an Azure Automation Account Job Schedule.", @@ -1097,8 +1097,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10724020478275741370" + "version": "0.22.6.54827", + "templateHash": "17400819380217562013" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", @@ -1235,8 +1235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7090165993767697446" + "version": "0.22.6.54827", + "templateHash": "15022791045507209174" }, "name": "Log Analytics Workspace Linked Services", "description": "This module deploys a Log Analytics Workspace Linked Service.", @@ -1377,8 +1377,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9052763253522380709" + "version": "0.22.6.54827", + "templateHash": "2318608107759137473" }, "name": "Operations Management Solutions", "description": "This module deploys an Operations Management Solution.", @@ -1563,8 +1563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "17973053005173772952" + "version": "0.22.6.54827", + "templateHash": "10775503419002427646" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", @@ -2035,8 +2035,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -2235,8 +2235,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -2373,8 +2373,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { @@ -2587,8 +2587,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "10676519467876912979" + "version": "0.22.6.54827", + "templateHash": "10195514445399502357" } }, "parameters": { diff --git a/modules/automation/automation-account/module/README.md b/modules/automation/automation-account/module/README.md index 21ea5e81c4..bba5a2892b 100644 --- a/modules/automation/automation-account/module/README.md +++ b/modules/automation/automation-account/module/README.md @@ -19,30 +19,76 @@ This module deploys an Azure Automation Account Module. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Automation Account module. | -| `uri` | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | +| [`name`](#parameter-name) | string | Name of the Automation Account module. | +| [`uri`](#parameter-uri) | string | Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `tags` | object | `{object}` | Tags of the Automation Account resource. | -| `version` | string | `'latest'` | Module version or specify latest to get the latest version. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`version`](#parameter-version) | string | Module version or specify latest to get the latest version. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Automation Account module. +- Required: Yes +- Type: string + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `uri` + +Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. +- Required: Yes +- Type: string + +### Parameter: `version` + +Module version or specify latest to get the latest version. +- Required: No +- Type: string +- Default: `'latest'` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed module. | diff --git a/modules/automation/automation-account/module/main.json b/modules/automation/automation-account/module/main.json index 92e1b857bf..bf3c18c30b 100644 --- a/modules/automation/automation-account/module/main.json +++ b/modules/automation/automation-account/module/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "12776439865232935886" + "version": "0.22.6.54827", + "templateHash": "15709477569881004771" }, "name": "Automation Account Modules", "description": "This module deploys an Azure Automation Account Module.", diff --git a/modules/automation/automation-account/runbook/README.md b/modules/automation/automation-account/runbook/README.md index 5712d4182b..8cb4f7f0c8 100644 --- a/modules/automation/automation-account/runbook/README.md +++ b/modules/automation/automation-account/runbook/README.md @@ -19,40 +19,122 @@ This module deploys an Azure Automation Account Runbook. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the Automation Account runbook. | -| `type` | string | `[Graph, GraphPowerShell, GraphPowerShellWorkflow, PowerShell, PowerShellWorkflow]` | The type of the runbook. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Automation Account runbook. | +| [`type`](#parameter-type) | string | The type of the runbook. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description of the runbook. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | Location for all resources. | -| `sasTokenValidityLength` | string | `'PT8H'` | SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | -| `scriptStorageAccountId` | string | `''` | ID of the runbook storage account. | -| `tags` | object | `{object}` | Tags of the Automation Account resource. | -| `uri` | string | `''` | The uri of the runbook content. | -| `version` | string | `''` | The version of the runbook content. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the runbook. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`sasTokenValidityLength`](#parameter-sastokenvaliditylength) | string | SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. | +| [`scriptStorageAccountId`](#parameter-scriptstorageaccountid) | string | ID of the runbook storage account. | +| [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | +| [`uri`](#parameter-uri) | string | The uri of the runbook content. | +| [`version`](#parameter-version) | string | The version of the runbook content. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Time used as a basis for e.g. the schedule start date. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `description` + +The description of the runbook. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +Name of the Automation Account runbook. +- Required: Yes +- Type: string + +### Parameter: `sasTokenValidityLength` + +SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. +- Required: No +- Type: string +- Default: `'PT8H'` + +### Parameter: `scriptStorageAccountId` + +ID of the runbook storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `tags` + +Tags of the Automation Account resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `type` + +The type of the runbook. +- Required: Yes +- Type: string +- Allowed: `[Graph, GraphPowerShell, GraphPowerShellWorkflow, PowerShell, PowerShellWorkflow]` + +### Parameter: `uri` + +The uri of the runbook content. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `version` + +The version of the runbook content. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the deployed runbook. | diff --git a/modules/automation/automation-account/runbook/main.json b/modules/automation/automation-account/runbook/main.json index 21cabe276d..3a2f126c75 100644 --- a/modules/automation/automation-account/runbook/main.json +++ b/modules/automation/automation-account/runbook/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "123190998372280958" + "version": "0.22.6.54827", + "templateHash": "18248893160569507204" }, "name": "Automation Account Runbooks", "description": "This module deploys an Azure Automation Account Runbook.", diff --git a/modules/automation/automation-account/schedule/README.md b/modules/automation/automation-account/schedule/README.md index c337d0a7a1..df92b24d03 100644 --- a/modules/automation/automation-account/schedule/README.md +++ b/modules/automation/automation-account/schedule/README.md @@ -19,39 +19,115 @@ This module deploys an Azure Automation Account Schedule. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | Name of the Automation Account schedule. | +| [`name`](#parameter-name) | string | Name of the Automation Account schedule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `advancedSchedule` | object | `{object}` | | The properties of the create Advanced Schedule. | -| `description` | string | `''` | | The description of the schedule. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `expiryTime` | string | `''` | | The end time of the schedule. | -| `frequency` | string | `'OneTime'` | `[Day, Hour, Minute, Month, OneTime, Week]` | The frequency of the schedule. | -| `interval` | int | `0` | | Anything. | -| `startTime` | string | `''` | | The start time of the schedule. | -| `timeZone` | string | `''` | | The time zone of the schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`advancedSchedule`](#parameter-advancedschedule) | object | The properties of the create Advanced Schedule. | +| [`description`](#parameter-description) | string | The description of the schedule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`expiryTime`](#parameter-expirytime) | string | The end time of the schedule. | +| [`frequency`](#parameter-frequency) | string | The frequency of the schedule. | +| [`interval`](#parameter-interval) | int | Anything. | +| [`startTime`](#parameter-starttime) | string | The start time of the schedule. | +| [`timeZone`](#parameter-timezone) | string | The time zone of the schedule. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Time used as a basis for e.g. the schedule start date. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | + +### Parameter: `advancedSchedule` + +The properties of the create Advanced Schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `description` + +The description of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `expiryTime` + +The end time of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `frequency` + +The frequency of the schedule. +- Required: No +- Type: string +- Default: `'OneTime'` +- Allowed: `[Day, Hour, Minute, Month, OneTime, Week]` + +### Parameter: `interval` + +Anything. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `name` + +Name of the Automation Account schedule. +- Required: Yes +- Type: string + +### Parameter: `startTime` + +The start time of the schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `timeZone` + +The time zone of the schedule. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed schedule. | | `resourceGroupName` | string | The resource group of the deployed schedule. | diff --git a/modules/automation/automation-account/schedule/main.json b/modules/automation/automation-account/schedule/main.json index b76ec06a61..4183686e3a 100644 --- a/modules/automation/automation-account/schedule/main.json +++ b/modules/automation/automation-account/schedule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "5807574740331814274" + "version": "0.22.6.54827", + "templateHash": "4119330639685982378" }, "name": "Automation Account Schedules", "description": "This module deploys an Azure Automation Account Schedule.", diff --git a/modules/automation/automation-account/software-update-configuration/README.md b/modules/automation/automation-account/software-update-configuration/README.md index 4504591720..97acf050e6 100644 --- a/modules/automation/automation-account/software-update-configuration/README.md +++ b/modules/automation/automation-account/software-update-configuration/README.md @@ -20,62 +20,302 @@ This module deploys an Azure Automation Account Software Update Configuration. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `frequency` | string | `[Day, Hour, Month, OneTime, Week]` | The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. | -| `name` | string | | The name of the Deployment schedule. | -| `operatingSystem` | string | `[Linux, Windows]` | The operating system to be configured by the deployment schedule. | -| `rebootSetting` | string | `[Always, IfRequired, Never, RebootOnly]` | Reboot setting for the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`frequency`](#parameter-frequency) | string | The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. | +| [`name`](#parameter-name) | string | The name of the Deployment schedule. | +| [`operatingSystem`](#parameter-operatingsystem) | string | The operating system to be configured by the deployment schedule. | +| [`rebootSetting`](#parameter-rebootsetting) | string | Reboot setting for the deployment schedule. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `azureVirtualMachines` | array | `[]` | | List of azure resource IDs for azure virtual machines in scope for the deployment schedule. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `excludeUpdates` | array | `[]` | | KB numbers or Linux packages excluded in the deployment schedule. | -| `expiryTime` | string | `''` | | The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | -| `expiryTimeOffsetMinutes` | int | `0` | | The expiry time's offset in minutes. | -| `includeUpdates` | array | `[]` | | KB numbers or Linux packages included in the deployment schedule. | -| `interval` | int | `1` | | The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. | -| `isEnabled` | bool | `True` | | Enables the deployment schedule. | -| `maintenanceWindow` | string | `'PT2H'` | | Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. | -| `monthDays` | array | `[]` | `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]` | Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. | -| `monthlyOccurrences` | array | `[]` | | Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. | -| `nextRun` | string | `''` | | The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | -| `nextRunOffsetMinutes` | int | `0` | | The next run's offset in minutes. | -| `nonAzureComputerNames` | array | `[]` | | List of names of non-azure machines in scope for the deployment schedule. | -| `nonAzureQueries` | array | `[]` | | Array of functions from a Log Analytics workspace, used to scope the deployment schedule. | -| `postTaskParameters` | object | `{object}` | | Parameters provided to the task running after the deployment schedule. | -| `postTaskSource` | string | `''` | | The source of the task running after the deployment schedule. | -| `preTaskParameters` | object | `{object}` | | Parameters provided to the task running before the deployment schedule. | -| `preTaskSource` | string | `''` | | The source of the task running before the deployment schedule. | -| `scheduleDescription` | string | `''` | | The schedules description. | -| `scopeByLocations` | array | `[]` | | Specify locations to which to scope the deployment schedule to. | -| `scopeByResources` | array | `[[subscription().id]]` | | Specify the resources to scope the deployment schedule to. | -| `scopeByTags` | object | `{object}` | | Specify tags to which to scope the deployment schedule to. | -| `scopeByTagsOperation` | string | `'All'` | `[All, Any]` | Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). | -| `startTime` | string | `''` | | The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. | -| `timeZone` | string | `'UTC'` | | Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. | -| `updateClassifications` | array | `[Critical, Security]` | `[Critical, Definition, FeaturePack, Other, Security, ServicePack, Tools, UpdateRollup, Updates]` | Update classification included in the deployment schedule. | -| `weekDays` | array | `[]` | `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` | Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureVirtualMachines`](#parameter-azurevirtualmachines) | array | List of azure resource IDs for azure virtual machines in scope for the deployment schedule. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`excludeUpdates`](#parameter-excludeupdates) | array | KB numbers or Linux packages excluded in the deployment schedule. | +| [`expiryTime`](#parameter-expirytime) | string | The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | +| [`expiryTimeOffsetMinutes`](#parameter-expirytimeoffsetminutes) | int | The expiry time's offset in minutes. | +| [`includeUpdates`](#parameter-includeupdates) | array | KB numbers or Linux packages included in the deployment schedule. | +| [`interval`](#parameter-interval) | int | The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. | +| [`isEnabled`](#parameter-isenabled) | bool | Enables the deployment schedule. | +| [`maintenanceWindow`](#parameter-maintenancewindow) | string | Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. | +| [`monthDays`](#parameter-monthdays) | array | Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. | +| [`monthlyOccurrences`](#parameter-monthlyoccurrences) | array | Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. | +| [`nextRun`](#parameter-nextrun) | string | The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. | +| [`nextRunOffsetMinutes`](#parameter-nextrunoffsetminutes) | int | The next run's offset in minutes. | +| [`nonAzureComputerNames`](#parameter-nonazurecomputernames) | array | List of names of non-azure machines in scope for the deployment schedule. | +| [`nonAzureQueries`](#parameter-nonazurequeries) | array | Array of functions from a Log Analytics workspace, used to scope the deployment schedule. | +| [`postTaskParameters`](#parameter-posttaskparameters) | object | Parameters provided to the task running after the deployment schedule. | +| [`postTaskSource`](#parameter-posttasksource) | string | The source of the task running after the deployment schedule. | +| [`preTaskParameters`](#parameter-pretaskparameters) | object | Parameters provided to the task running before the deployment schedule. | +| [`preTaskSource`](#parameter-pretasksource) | string | The source of the task running before the deployment schedule. | +| [`scheduleDescription`](#parameter-scheduledescription) | string | The schedules description. | +| [`scopeByLocations`](#parameter-scopebylocations) | array | Specify locations to which to scope the deployment schedule to. | +| [`scopeByResources`](#parameter-scopebyresources) | array | Specify the resources to scope the deployment schedule to. | +| [`scopeByTags`](#parameter-scopebytags) | object | Specify tags to which to scope the deployment schedule to. | +| [`scopeByTagsOperation`](#parameter-scopebytagsoperation) | string | Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). | +| [`startTime`](#parameter-starttime) | string | The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. | +| [`timeZone`](#parameter-timezone) | string | Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. | +| [`updateClassifications`](#parameter-updateclassifications) | array | Update classification included in the deployment schedule. | +| [`weekDays`](#parameter-weekdays) | array | Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. | **Generated parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `baseTime` | string | `[utcNow('u')]` | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`baseTime`](#parameter-basetime) | string | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `azureVirtualMachines` + +List of azure resource IDs for azure virtual machines in scope for the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `baseTime` + +Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. +- Required: No +- Type: string +- Default: `[utcNow('u')]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `excludeUpdates` + +KB numbers or Linux packages excluded in the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `expiryTime` + +The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `expiryTimeOffsetMinutes` + +The expiry time's offset in minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `frequency` + +The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. +- Required: Yes +- Type: string +- Allowed: `[Day, Hour, Month, OneTime, Week]` + +### Parameter: `includeUpdates` + +KB numbers or Linux packages included in the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `interval` + +The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `isEnabled` + +Enables the deployment schedule. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `maintenanceWindow` + +Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. +- Required: No +- Type: string +- Default: `'PT2H'` + +### Parameter: `monthDays` + +Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31]` + +### Parameter: `monthlyOccurrences` + +Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the Deployment schedule. +- Required: Yes +- Type: string + +### Parameter: `nextRun` + +The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `nextRunOffsetMinutes` + +The next run's offset in minutes. +- Required: No +- Type: int +- Default: `0` + +### Parameter: `nonAzureComputerNames` + +List of names of non-azure machines in scope for the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `nonAzureQueries` + +Array of functions from a Log Analytics workspace, used to scope the deployment schedule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `operatingSystem` + +The operating system to be configured by the deployment schedule. +- Required: Yes +- Type: string +- Allowed: `[Linux, Windows]` + +### Parameter: `postTaskParameters` + +Parameters provided to the task running after the deployment schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `postTaskSource` + +The source of the task running after the deployment schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `preTaskParameters` + +Parameters provided to the task running before the deployment schedule. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `preTaskSource` + +The source of the task running before the deployment schedule. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `rebootSetting` + +Reboot setting for the deployment schedule. +- Required: Yes +- Type: string +- Allowed: `[Always, IfRequired, Never, RebootOnly]` + +### Parameter: `scheduleDescription` + +The schedules description. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `scopeByLocations` + +Specify locations to which to scope the deployment schedule to. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `scopeByResources` + +Specify the resources to scope the deployment schedule to. +- Required: No +- Type: array +- Default: `[[subscription().id]]` + +### Parameter: `scopeByTags` + +Specify tags to which to scope the deployment schedule to. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `scopeByTagsOperation` + +Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). +- Required: No +- Type: string +- Default: `'All'` +- Allowed: `[All, Any]` + +### Parameter: `startTime` + +The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `timeZone` + +Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. +- Required: No +- Type: string +- Default: `'UTC'` + +### Parameter: `updateClassifications` + +Update classification included in the deployment schedule. +- Required: No +- Type: array +- Default: `[Critical, Security]` +- Allowed: `[Critical, Definition, FeaturePack, Other, Security, ServicePack, Tools, UpdateRollup, Updates]` + +### Parameter: `weekDays` + +Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Friday, Monday, Saturday, Sunday, Thursday, Tuesday, Wednesday]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed softwareUpdateConfiguration. | | `resourceGroupName` | string | The resource group of the deployed softwareUpdateConfiguration. | diff --git a/modules/automation/automation-account/software-update-configuration/main.json b/modules/automation/automation-account/software-update-configuration/main.json index f4305ddbf8..14b2d33ac1 100644 --- a/modules/automation/automation-account/software-update-configuration/main.json +++ b/modules/automation/automation-account/software-update-configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "11844327136869535634" + "version": "0.22.6.54827", + "templateHash": "10775503419002427646" }, "name": "Automation Account Software Update Configurations", "description": "This module deploys an Azure Automation Account Software Update Configuration.", diff --git a/modules/automation/automation-account/variable/README.md b/modules/automation/automation-account/variable/README.md index a3356c0f6a..99ec5a4985 100644 --- a/modules/automation/automation-account/variable/README.md +++ b/modules/automation/automation-account/variable/README.md @@ -20,29 +20,68 @@ This module deploys an Azure Automation Account Variable. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the variable. | -| `value` | securestring | The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. | +| [`name`](#parameter-name) | string | The name of the variable. | +| [`value`](#parameter-value) | securestring | The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `automationAccountName` | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | +| [`automationAccountName`](#parameter-automationaccountname) | string | The name of the parent Automation Account. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `description` | string | `''` | The description of the variable. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via a Globally Unique Identifier (GUID). | -| `isEncrypted` | bool | `True` | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-description) | string | The description of the variable. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`isEncrypted`](#parameter-isencrypted) | bool | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `description` + +The description of the variable. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `isEncrypted` + +If the variable should be encrypted. For security reasons encryption of variables should be enabled. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `name` + +The name of the variable. +- Required: Yes +- Type: string + +### Parameter: `value` + +The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. +- Required: Yes +- Type: securestring ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed variable. | | `resourceGroupName` | string | The resource group of the deployed variable. | diff --git a/modules/automation/automation-account/variable/main.json b/modules/automation/automation-account/variable/main.json index e0ffc7ec3a..333cb278b4 100644 --- a/modules/automation/automation-account/variable/main.json +++ b/modules/automation/automation-account/variable/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.20.4.51522", - "templateHash": "17684191295648041474" + "version": "0.22.6.54827", + "templateHash": "17400819380217562013" }, "name": "Automation Account Variables", "description": "This module deploys an Azure Automation Account Variable.", diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index d90c14f14e..54e95332e1 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/batch/batch-account/.test/min/main.test.bicep b/modules/batch/batch-account/.test/min/main.test.bicep index c92b18d8ab..7c813c5976 100644 --- a/modules/batch/batch-account/.test/min/main.test.bicep +++ b/modules/batch/batch-account/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index cf3dd26a6c..5973940d4e 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -4,13 +4,13 @@ This module deploys a Batch Account. ## Navigation -- [Resource types](#Resource-types) +- [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) -## Resource types +## Resource Types | Resource Type | API Version | | :-- | :-- | @@ -21,83 +21,30 @@ This module deploys a Batch Account. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | Name of the Azure Batch. | -| `storageAccountId` | string | The resource ID of the storage account to be used for auto-storage account. | - -**Conditional parameters** - -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `cMKKeyVaultResourceId` | string | `''` | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | -| `keyVaultReferenceResourceId` | string | `''` | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `allowedAuthenticationModes` | array | `[]` | `[AAD, SharedKey, TaskAuthenticationToken]` | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. | -| `cMKKeyName` | string | `''` | | The name of the customer managed key to use for encryption. | -| `cMKKeyVersion` | string | `''` | | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ServiceLog]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `networkProfileAllowedIpRanges` | array | `[]` | | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | -| `networkProfileDefaultAction` | string | `'Deny'` | `[Allow, Deny]` | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | -| `poolAllocationMode` | string | `'BatchService'` | `[BatchService, UserSubscription]` | The allocation mode for creating pools in the Batch account. Determines which quota will be used. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. | -| `storageAccessIdentity` | string | `''` | | The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. | -| `storageAuthenticationMode` | string | `'StorageKeys'` | `[BatchAccountManagedIdentity, StorageKeys]` | The authentication mode which the Batch service will use to manage the auto-storage account. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | - +## Usage examples -## Outputs +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the batch account. | -| `resourceGroupName` | string | The resource group the batch account was deployed into. | -| `resourceId` | string | The resource ID of the batch account. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/batch.batch-account:1.0.0`. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +- [Using only defaults](#example-1-using-only-defaults) +- [Encr](#example-2-encr) +- [Using Maximum Parameters](#example-3-using-maximum-parameters) -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +### Example 1: _Using only defaults_ -## Deployment examples +This instance deploys the module with the minimum set of required parameters. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbacom' params: { // Required parameters @@ -239,14 +186,14 @@ module batchAccount './batch/batch-account/main.bicep' = {

-

Example 2: Encr

+### Example 2: _Encr_
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbaencr' params: { // Required parameters @@ -362,14 +309,17 @@ module batchAccount './batch/batch-account/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module batchAccount './batch/batch-account/main.bicep' = { +module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-bbamin' params: { // Required parameters @@ -410,3 +360,257 @@ module batchAccount './batch/batch-account/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the Azure Batch. | +| [`storageAccountId`](#parameter-storageaccountid) | string | The resource ID of the storage account to be used for auto-storage account. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cMKKeyVaultResourceId`](#parameter-cmkkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. | +| [`keyVaultReferenceResourceId`](#parameter-keyvaultreferenceresourceid) | string | The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`allowedAuthenticationModes`](#parameter-allowedauthenticationmodes) | array | List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. | +| [`cMKKeyName`](#parameter-cmkkeyname) | string | The name of the customer managed key to use for encryption. | +| [`cMKKeyVersion`](#parameter-cmkkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`networkProfileAllowedIpRanges`](#parameter-networkprofileallowedipranges) | array | Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. | +| [`networkProfileDefaultAction`](#parameter-networkprofiledefaultaction) | string | The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. | +| [`poolAllocationMode`](#parameter-poolallocationmode) | string | The allocation mode for creating pools in the Batch account. Determines which quota will be used. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. | +| [`storageAccessIdentity`](#parameter-storageaccessidentity) | string | The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. | +| [`storageAuthenticationMode`](#parameter-storageauthenticationmode) | string | The authentication mode which the Batch service will use to manage the auto-storage account. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | + +### Parameter: `allowedAuthenticationModes` + +List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[AAD, SharedKey, TaskAuthenticationToken]` + +### Parameter: `cMKKeyName` + +The name of the customer managed key to use for encryption. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `cMKKeyVersion` + +The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ServiceLog]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `keyVaultReferenceResourceId` + +The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the Azure Batch. +- Required: Yes +- Type: string + +### Parameter: `networkProfileAllowedIpRanges` + +Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkProfileDefaultAction` + +The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. +- Required: No +- Type: string +- Default: `'Deny'` +- Allowed: `[Allow, Deny]` + +### Parameter: `poolAllocationMode` + +The allocation mode for creating pools in the Batch account. Determines which quota will be used. +- Required: No +- Type: string +- Default: `'BatchService'` +- Allowed: `[BatchService, UserSubscription]` + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `storageAccessIdentity` + +The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAccountId` + +The resource ID of the storage account to be used for auto-storage account. +- Required: Yes +- Type: string + +### Parameter: `storageAuthenticationMode` + +The authentication mode which the Batch service will use to manage the auto-storage account. +- Required: No +- Type: string +- Default: `'StorageKeys'` +- Allowed: `[BatchAccountManagedIdentity, StorageKeys]` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the batch account. | +| `resourceGroupName` | string | The resource group the batch account was deployed into. | +| `resourceId` | string | The resource ID of the batch account. | + +## Cross-referenced modules + +_None_ diff --git a/modules/batch/batch-account/main.json b/modules/batch/batch-account/main.json index a114631351..0253e6c50b 100644 --- a/modules/batch/batch-account/main.json +++ b/modules/batch/batch-account/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8956575251332566079" + "version": "0.22.6.54827", + "templateHash": "12201052807403978225" }, "name": "Batch Accounts", "description": "This module deploys a Batch Account.", @@ -391,8 +391,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -591,8 +591,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -729,8 +729,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cache/redis-enterprise/.test/common/main.test.bicep b/modules/cache/redis-enterprise/.test/common/main.test.bicep index fe85adb34b..b1f24303f4 100644 --- a/modules/cache/redis-enterprise/.test/common/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis-enterprise/.test/min/main.test.bicep b/modules/cache/redis-enterprise/.test/min/main.test.bicep index dfe3f24c13..6d6d533981 100644 --- a/modules/cache/redis-enterprise/.test/min/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 4421956599..8b53290b88 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -5,10 +5,10 @@ This module deploys a Redis Cache Enterprise. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -22,71 +22,30 @@ This module deploys a Redis Cache Enterprise. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** +## Usage examples -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis Cache Enterprise resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `2` | | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. | -| `databases` | array | `[]` | | The databases to create in the Redis Cache Enterprise Cluster. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[]` | `['', audit, ConnectionEvents]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `location` | string | `[resourceGroup().location]` | | The geo-location where the resource lives. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `skuName` | string | `'Enterprise_E10'` | `[Enterprise_E10, Enterprise_E100, Enterprise_E20, Enterprise_E50, EnterpriseFlash_F1500, EnterpriseFlash_F300, EnterpriseFlash_F700]` | The type of Redis Enterprise Cluster to deploy. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `zoneRedundant` | bool | `True` | | When true, the cluster will be deployed across availability zones. | - - -## Outputs +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis hostname. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the redis cache enterprise. | -| `resourceGroupName` | string | The name of the resource group the redis cache enterprise was created in. | -| `resourceId` | string | The resource ID of the redis cache enterprise. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis-enterprise:1.0.0`. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +- [Using only defaults](#example-1-using-only-defaults) +- [Geo](#example-2-geo) +- [Using Maximum Parameters](#example-3-using-maximum-parameters) -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +### Example 1: _Using only defaults_ -## Deployment examples +This instance deploys the module with the minimum set of required parameters. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crecom' params: { // Required parameters @@ -264,14 +223,14 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {

-

Example 2: Geo

+### Example 2: _Geo_
via Bicep module ```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cregeo' params: { // Required parameters @@ -385,14 +344,17 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {

-

Example 3: Min

+### Example 3: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module redisEnterprise './cache/redis-enterprise/main.bicep' = { +module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cremin' params: { // Required parameters @@ -429,3 +391,187 @@ module redisEnterprise './cache/redis-enterprise/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Redis Cache Enterprise resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. | +| [`databases`](#parameter-databases) | array | The databases to create in the Redis Cache Enterprise Cluster. | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`location`](#parameter-location) | string | The geo-location where the resource lives. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`skuName`](#parameter-skuname) | string | The type of Redis Enterprise Cluster to deploy. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, the cluster will be deployed across availability zones. | + +### Parameter: `capacity` + +The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. +- Required: No +- Type: int +- Default: `2` + +### Parameter: `databases` + +The databases to create in the Redis Cache Enterprise Cluster. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource, but currently not supported for Redis Cache Enterprise. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `['', audit, ConnectionEvents]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The geo-location where the resource lives. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimumTlsVersion` + +Requires clients to use a specified TLS version (or higher) to connect. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the Redis Cache Enterprise resource. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `skuName` + +The type of Redis Enterprise Cluster to deploy. +- Required: No +- Type: string +- Default: `'Enterprise_E10'` +- Allowed: `[Enterprise_E10, Enterprise_E100, Enterprise_E20, Enterprise_E50, EnterpriseFlash_F1500, EnterpriseFlash_F300, EnterpriseFlash_F700]` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +When true, the cluster will be deployed across availability zones. +- Required: No +- Type: bool +- Default: `True` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis hostname. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the redis cache enterprise. | +| `resourceGroupName` | string | The name of the resource group the redis cache enterprise was created in. | +| `resourceId` | string | The resource ID of the redis cache enterprise. | + +## Cross-referenced modules + +_None_ diff --git a/modules/cache/redis-enterprise/database/README.md b/modules/cache/redis-enterprise/database/README.md index b685df1716..7f0d3120d2 100644 --- a/modules/cache/redis-enterprise/database/README.md +++ b/modules/cache/redis-enterprise/database/README.md @@ -20,31 +20,126 @@ This module deploys a Redis Cache Enterprise Database. **Conditional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `persistenceAofFrequency` | string | `''` | `['', 1s, always]` | Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. | -| `persistenceRdbFrequency` | string | `''` | `['', 12h, 1h, 6h]` | Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. | -| `redisCacheEnterpriseName` | string | | | The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`persistenceAofFrequency`](#parameter-persistenceaoffrequency) | string | Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. | +| [`persistenceRdbFrequency`](#parameter-persistencerdbfrequency) | string | Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. | +| [`redisCacheEnterpriseName`](#parameter-rediscacheenterprisename) | string | The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `clientProtocol` | string | `'Encrypted'` | `[Encrypted, Plaintext]` | Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. | -| `clusteringPolicy` | string | `'OSSCluster'` | `[EnterpriseCluster, OSSCluster]` | Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `evictionPolicy` | string | `'VolatileLRU'` | `[AllKeysLFU, AllKeysLRU, AllKeysRandom, NoEviction, VolatileLFU, VolatileLRU, VolatileRandom, VolatileTTL]` | Redis eviction policy - default is VolatileLRU. | -| `geoReplication` | object | `{object}` | | Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `modules` | array | `[]` | | Optional set of redis modules to enable in this database - modules can only be added at creation time. | -| `persistenceAofEnabled` | bool | `False` | | Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. | -| `persistenceRdbEnabled` | bool | `False` | | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | -| `port` | int | `-1` | | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`clientProtocol`](#parameter-clientprotocol) | string | Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. | +| [`clusteringPolicy`](#parameter-clusteringpolicy) | string | Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`evictionPolicy`](#parameter-evictionpolicy) | string | Redis eviction policy - default is VolatileLRU. | +| [`geoReplication`](#parameter-georeplication) | object | Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. | +| [`location`](#parameter-location) | string | Location for all resources. | +| [`modules`](#parameter-modules) | array | Optional set of redis modules to enable in this database - modules can only be added at creation time. | +| [`persistenceAofEnabled`](#parameter-persistenceaofenabled) | bool | Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. | +| [`persistenceRdbEnabled`](#parameter-persistencerdbenabled) | bool | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | +| [`port`](#parameter-port) | int | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | + +### Parameter: `clientProtocol` + +Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. +- Required: No +- Type: string +- Default: `'Encrypted'` +- Allowed: `[Encrypted, Plaintext]` + +### Parameter: `clusteringPolicy` + +Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. +- Required: No +- Type: string +- Default: `'OSSCluster'` +- Allowed: `[EnterpriseCluster, OSSCluster]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `evictionPolicy` + +Redis eviction policy - default is VolatileLRU. +- Required: No +- Type: string +- Default: `'VolatileLRU'` +- Allowed: `[AllKeysLFU, AllKeysLRU, AllKeysRandom, NoEviction, VolatileLFU, VolatileLRU, VolatileRandom, VolatileTTL]` + +### Parameter: `geoReplication` + +Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `modules` + +Optional set of redis modules to enable in this database - modules can only be added at creation time. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `persistenceAofEnabled` + +Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `persistenceAofFrequency` + +Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 1s, always]` + +### Parameter: `persistenceRdbEnabled` + +Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `persistenceRdbFrequency` + +Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', 12h, 1h, 6h]` + +### Parameter: `port` + +TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `redisCacheEnterpriseName` + +The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the deployed database. | | `resourceGroupName` | string | The resource group of the deployed database. | diff --git a/modules/cache/redis-enterprise/database/main.json b/modules/cache/redis-enterprise/database/main.json index 27d234923b..d5698a412b 100644 --- a/modules/cache/redis-enterprise/database/main.json +++ b/modules/cache/redis-enterprise/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16731424701559883139" + "version": "0.22.6.54827", + "templateHash": "8155705065039005753" }, "name": "Redis Cache Enterprise Databases", "description": "This module deploys a Redis Cache Enterprise Database.", diff --git a/modules/cache/redis-enterprise/main.json b/modules/cache/redis-enterprise/main.json index acdc3aa903..0dae10b9b6 100644 --- a/modules/cache/redis-enterprise/main.json +++ b/modules/cache/redis-enterprise/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "8401793883308983497" + "version": "0.22.6.54827", + "templateHash": "15719841187562389936" }, "name": "Redis Cache Enterprise", "description": "This module deploys a Redis Cache Enterprise.", @@ -296,8 +296,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2462654739530119148" + "version": "0.22.6.54827", + "templateHash": "12607572296541142934" } }, "parameters": { @@ -451,8 +451,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "16731424701559883139" + "version": "0.22.6.54827", + "templateHash": "8155705065039005753" }, "name": "Redis Cache Enterprise Databases", "description": "This module deploys a Redis Cache Enterprise Database.", @@ -689,8 +689,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -889,8 +889,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -1027,8 +1027,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cache/redis/.test/common/main.test.bicep b/modules/cache/redis/.test/common/main.test.bicep index 27cba7a79e..9b177c2fd2 100644 --- a/modules/cache/redis/.test/common/main.test.bicep +++ b/modules/cache/redis/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis/.test/min/main.test.bicep b/modules/cache/redis/.test/min/main.test.bicep index 21c9108e8a..424f7feb2e 100644 --- a/modules/cache/redis/.test/min/main.test.bicep +++ b/modules/cache/redis/.test/min/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using Maximum Parameters' +metadata description = 'This instance deploys the module with the large set of possible parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 721d612132..f69967d887 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -5,10 +5,10 @@ This module deploys a Redis Cache. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) - [Notes](#Notes) ## Resource Types @@ -22,85 +22,29 @@ This module deploys a Redis Cache. | `Microsoft.Network/privateEndpoints` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints) | | `Microsoft.Network/privateEndpoints/privateDnsZoneGroups` | [2023-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Network/2023-04-01/privateEndpoints/privateDnsZoneGroups) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the Redis cache resource. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `capacity` | int | `1` | `[0, 1, 2, 3, 4, 5, 6]` | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticLogCategoriesToEnable` | array | `[allLogs]` | `['', allLogs, ConnectedClientList]` | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `''` | | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enableNonSslPort` | bool | `False` | | Specifies whether the non-ssl Redis server port (6379) is enabled. | -| `location` | string | `[resourceGroup().location]` | | The location to deploy the Redis cache service. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `minimumTlsVersion` | string | `'1.2'` | `[1.0, 1.1, 1.2]` | Requires clients to use a specified TLS version (or higher) to connect. | -| `privateEndpoints` | array | `[]` | | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| `publicNetworkAccess` | string | `''` | `['', Disabled, Enabled]` | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | -| `redisConfiguration` | object | `{object}` | | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | -| `redisVersion` | string | `'6'` | `[4, 6]` | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | -| `replicasPerMaster` | int | `1` | | The number of replicas to be created per primary. | -| `replicasPerPrimary` | int | `1` | | The number of replicas to be created per primary. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `shardCount` | int | `1` | | The number of shards to be created on a Premium Cluster Cache. | -| `skuName` | string | `'Basic'` | `[Basic, Premium, Standard]` | The type of Redis cache to deploy. | -| `staticIP` | string | `''` | | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | -| `subnetId` | string | `''` | | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | -| `systemAssignedIdentity` | bool | `False` | | Enables system assigned managed identity on the resource. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `tenantSettings` | object | `{object}` | | A dictionary of tenant settings. | -| `userAssignedIdentities` | object | `{object}` | | The ID(s) to assign to the resource. | -| `zoneRedundant` | bool | `True` | | When true, replicas will be provisioned in availability zones specified in the zones parameter. | -| `zones` | array | `[]` | | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. | - +## Usage examples -## Outputs +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. + >**Note**: The name of each example is based on the name of the file from which it is taken. -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `hostName` | string | Redis hostname. | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the Redis Cache. | -| `resourceGroupName` | string | The name of the resource group the Redis Cache was created in. | -| `resourceId` | string | The resource ID of the Redis Cache. | -| `sslPort` | int | Redis SSL port. | -| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in. | + >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -## Cross-referenced modules + >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis:1.0.0`. -This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). +- [Using only defaults](#example-1-using-only-defaults) +- [Using Maximum Parameters](#example-2-using-maximum-parameters) -| Reference | Type | -| :-- | :-- | -| `network/private-endpoint` | Local reference | +### Example 1: _Using only defaults_ -## Deployment examples +This instance deploys the module with the minimum set of required parameters. -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. - >**Note**: The name of each example is based on the name of the file from which it is taken. - - >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. - -

Example 1: Common

via Bicep module ```bicep -module redis './cache/redis/main.bicep' = { +module redis 'br:bicep/modules/cache.redis:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crcom' params: { // Required parameters @@ -252,14 +196,17 @@ module redis './cache/redis/main.bicep' = {

-

Example 2: Min

+### Example 2: _Using Maximum Parameters_ + +This instance deploys the module with the large set of possible parameters. +
via Bicep module ```bicep -module redis './cache/redis/main.bicep' = { +module redis 'br:bicep/modules/cache.redis:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-crmin' params: { // Required parameters @@ -298,6 +245,290 @@ module redis './cache/redis/main.bicep' = {

+## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | The name of the Redis cache resource. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`capacity`](#parameter-capacity) | int | The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). | +| [`diagnosticEventHubAuthorizationRuleId`](#parameter-diagnosticeventhubauthorizationruleid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`diagnosticEventHubName`](#parameter-diagnosticeventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticLogCategoriesToEnable`](#parameter-diagnosticlogcategoriestoenable) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`diagnosticMetricsToEnable`](#parameter-diagnosticmetricstoenable) | array | The name of metrics that will be streamed. | +| [`diagnosticSettingsName`](#parameter-diagnosticsettingsname) | string | The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". | +| [`diagnosticStorageAccountId`](#parameter-diagnosticstorageaccountid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`diagnosticWorkspaceId`](#parameter-diagnosticworkspaceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enableNonSslPort`](#parameter-enablenonsslport) | bool | Specifies whether the non-ssl Redis server port (6379) is enabled. | +| [`location`](#parameter-location) | string | The location to deploy the Redis cache service. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | Requires clients to use a specified TLS version (or higher) to connect. | +| [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. | +| [`redisConfiguration`](#parameter-redisconfiguration) | object | All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. | +| [`redisVersion`](#parameter-redisversion) | string | Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). | +| [`replicasPerMaster`](#parameter-replicaspermaster) | int | The number of replicas to be created per primary. | +| [`replicasPerPrimary`](#parameter-replicasperprimary) | int | The number of replicas to be created per primary. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`shardCount`](#parameter-shardcount) | int | The number of shards to be created on a Premium Cluster Cache. | +| [`skuName`](#parameter-skuname) | string | The type of Redis cache to deploy. | +| [`staticIP`](#parameter-staticip) | string | Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. | +| [`subnetId`](#parameter-subnetid) | string | The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. | +| [`systemAssignedIdentity`](#parameter-systemassignedidentity) | bool | Enables system assigned managed identity on the resource. | +| [`tags`](#parameter-tags) | object | Tags of the resource. | +| [`tenantSettings`](#parameter-tenantsettings) | object | A dictionary of tenant settings. | +| [`userAssignedIdentities`](#parameter-userassignedidentities) | object | The ID(s) to assign to the resource. | +| [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, replicas will be provisioned in availability zones specified in the zones parameter. | +| [`zones`](#parameter-zones) | array | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. | + +### Parameter: `capacity` + +The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). +- Required: No +- Type: int +- Default: `1` +- Allowed: `[0, 1, 2, 3, 4, 5, 6]` + +### Parameter: `diagnosticEventHubAuthorizationRuleId` + +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticEventHubName` + +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticLogCategoriesToEnable` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +- Required: No +- Type: array +- Default: `[allLogs]` +- Allowed: `['', allLogs, ConnectedClientList]` + +### Parameter: `diagnosticMetricsToEnable` + +The name of metrics that will be streamed. +- Required: No +- Type: array +- Default: `[AllMetrics]` +- Allowed: `[AllMetrics]` + +### Parameter: `diagnosticSettingsName` + +The name of the diagnostic setting, if deployed. If left empty, it defaults to "-diagnosticSettings". +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticStorageAccountId` + +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `diagnosticWorkspaceId` + +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableNonSslPort` + +Specifies whether the non-ssl Redis server port (6379) is enabled. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `location` + +The location to deploy the Redis cache service. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `minimumTlsVersion` + +Requires clients to use a specified TLS version (or higher) to connect. +- Required: No +- Type: string +- Default: `'1.2'` +- Allowed: `[1.0, 1.1, 1.2]` + +### Parameter: `name` + +The name of the Redis cache resource. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints` + +Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `publicNetworkAccess` + +Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', Disabled, Enabled]` + +### Parameter: `redisConfiguration` + +All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `redisVersion` + +Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). +- Required: No +- Type: string +- Default: `'6'` +- Allowed: `[4, 6]` + +### Parameter: `replicasPerMaster` + +The number of replicas to be created per primary. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `replicasPerPrimary` + +The number of replicas to be created per primary. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `shardCount` + +The number of shards to be created on a Premium Cluster Cache. +- Required: No +- Type: int +- Default: `1` + +### Parameter: `skuName` + +The type of Redis cache to deploy. +- Required: No +- Type: string +- Default: `'Basic'` +- Allowed: `[Basic, Premium, Standard]` + +### Parameter: `staticIP` + +Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `subnetId` + +The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `systemAssignedIdentity` + +Enables system assigned managed identity on the resource. +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `tags` + +Tags of the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `tenantSettings` + +A dictionary of tenant settings. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `userAssignedIdentities` + +The ID(s) to assign to the resource. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `zoneRedundant` + +When true, replicas will be provisioned in availability zones specified in the zones parameter. +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `zones` + +If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. +- Required: No +- Type: array +- Default: `[]` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `hostName` | string | Redis hostname. | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the Redis Cache. | +| `resourceGroupName` | string | The name of the resource group the Redis Cache was created in. | +| `resourceId` | string | The resource ID of the Redis Cache. | +| `sslPort` | int | Redis SSL port. | +| `subnetId` | string | The full resource ID of a subnet in a virtual network where the Redis Cache was deployed in. | + +## Cross-referenced modules + +_None_ + ## Notes ### Parameter Usage: `redisConfiguration` diff --git a/modules/cache/redis/main.json b/modules/cache/redis/main.json index ef37e001eb..d503dc74b8 100644 --- a/modules/cache/redis/main.json +++ b/modules/cache/redis/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "9970933369999379119" + "version": "0.22.6.54827", + "templateHash": "5929435185460509109" }, "name": "Redis Cache", "description": "This module deploys a Redis Cache.", @@ -414,8 +414,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "7380162094150397462" + "version": "0.22.6.54827", + "templateHash": "4475888832005151593" } }, "parameters": { @@ -575,8 +575,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "14580007913383558904" + "version": "0.22.6.54827", + "templateHash": "2884140170473394983" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", @@ -775,8 +775,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "2469208411936339153" + "version": "0.22.6.54827", + "templateHash": "5610247137574346230" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", @@ -913,8 +913,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.21.1.54444", - "templateHash": "13032708393704093995" + "version": "0.22.6.54827", + "templateHash": "14351187799927334028" } }, "parameters": { diff --git a/modules/cdn/profile/.test/common/main.test.bicep b/modules/cdn/profile/.test/common/main.test.bicep index b8413ea964..82d13259b2 100644 --- a/modules/cdn/profile/.test/common/main.test.bicep +++ b/modules/cdn/profile/.test/common/main.test.bicep @@ -1,5 +1,8 @@ targetScope = 'subscription' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' + // ========== // // Parameters // // ========== // diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index e3f4d453f2..942a3553a2 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -5,10 +5,10 @@ This module deploys a CDN Profile. ## Navigation - [Resource Types](#Resource-Types) +- [Usage examples](#Usage-examples) - [Parameters](#Parameters) - [Outputs](#Outputs) - [Cross-referenced modules](#Cross-referenced-modules) -- [Deployment examples](#Deployment-examples) ## Resource Types @@ -28,68 +28,26 @@ This module deploys a CDN Profile. | `Microsoft.Cdn/profiles/ruleSets/rules` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/ruleSets/rules) | | `Microsoft.Cdn/profiles/secrets` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Cdn/profiles/secrets) | -## Parameters - -**Required parameters** - -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `name` | string | | Name of the CDN profile. | -| `sku` | string | `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]` | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. | - -**Conditional parameters** - -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `origionGroups` | array | Array of origin group objects. Required if the afdEndpoints is specified. | - -**Optional parameters** - -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `afdEndpoints` | array | `[]` | | Array of AFD endpoint objects. | -| `customDomains` | array | `[]` | | Array of custom domain objects. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `endpointName` | string | `''` | | Name of the endpoint under the profile which is unique globally. | -| `endpointProperties` | object | `{object}` | | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | -| `location` | string | `[resourceGroup().location]` | | Location for all Resources. | -| `lock` | string | `''` | `['', CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `originResponseTimeoutSeconds` | int | `60` | | Send and receive timeout on forwarding request to the origin. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `ruleSets` | array | `[]` | | Array of rule set objects. | -| `secrets` | array | `[]` | | Array of secret objects. | -| `tags` | object | `{object}` | | Endpoint tags. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the CDN profile. | -| `profileType` | string | The type of the CDN profile. | -| `resourceGroupName` | string | The resource group where the CDN profile is deployed. | -| `resourceId` | string | The resource ID of the CDN profile. | - -## Cross-referenced modules +## Usage examples -_None_ - -## Deployment examples - -The following module usage examples are retrieved from the content of the files hosted in the module's `.test` folder. +The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. -

Example 1: Afd

+ >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cdn.profile:1.0.0`. + +- [Afd](#example-1-afd) +- [Using only defaults](#example-2-using-only-defaults) + +### Example 1: _Afd_
via Bicep module ```bicep -module profile './cdn/profile/main.bicep' = { +module profile 'br:bicep/modules/cdn.profile:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdnpafd' params: { // Required parameters @@ -297,14 +255,17 @@ module profile './cdn/profile/main.bicep' = {

-

Example 2: Common

+### Example 2: _Using only defaults_ + +This instance deploys the module with the minimum set of required parameters. +
via Bicep module ```bicep -module profile './cdn/profile/main.bicep' = { +module profile 'br:bicep/modules/cdn.profile:1.0.0' = { name: '${uniqueString(deployment().name, location)}-test-cdnpcom' params: { // Required parameters @@ -439,3 +400,156 @@ module profile './cdn/profile/main.bicep' = {

+ + +## Parameters + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-name) | string | Name of the CDN profile. | +| [`sku`](#parameter-sku) | string | The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. | + +**Conditional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`origionGroups`](#parameter-origiongroups) | array | Array of origin group objects. Required if the afdEndpoints is specified. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`afdEndpoints`](#parameter-afdendpoints) | array | Array of AFD endpoint objects. | +| [`customDomains`](#parameter-customdomains) | array | Array of custom domain objects. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`endpointName`](#parameter-endpointname) | string | Name of the endpoint under the profile which is unique globally. | +| [`endpointProperties`](#parameter-endpointproperties) | object | Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). | +| [`location`](#parameter-location) | string | Location for all Resources. | +| [`lock`](#parameter-lock) | string | Specify the type of lock. | +| [`originResponseTimeoutSeconds`](#parameter-originresponsetimeoutseconds) | int | Send and receive timeout on forwarding request to the origin. | +| [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`ruleSets`](#parameter-rulesets) | array | Array of rule set objects. | +| [`secrets`](#parameter-secrets) | array | Array of secret objects. | +| [`tags`](#parameter-tags) | object | Endpoint tags. | + +### Parameter: `afdEndpoints` + +Array of AFD endpoint objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `customDomains` + +Array of custom domain objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `endpointName` + +Name of the endpoint under the profile which is unique globally. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `endpointProperties` + +Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `location` + +Location for all Resources. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `lock` + +Specify the type of lock. +- Required: No +- Type: string +- Default: `''` +- Allowed: `['', CanNotDelete, ReadOnly]` + +### Parameter: `name` + +Name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `originResponseTimeoutSeconds` + +Send and receive timeout on forwarding request to the origin. +- Required: No +- Type: int +- Default: `60` + +### Parameter: `origionGroups` + +Array of origin group objects. Required if the afdEndpoints is specified. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `roleAssignments` + +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `ruleSets` + +Array of rule set objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `secrets` + +Array of secret objects. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `sku` + +The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. +- Required: Yes +- Type: string +- Allowed: `[Custom_Verizon, Premium_AzureFrontDoor, Premium_Verizon, Standard_955BandWidth_ChinaCdn, Standard_Akamai, Standard_AvgBandWidth_ChinaCdn, Standard_AzureFrontDoor, Standard_ChinaCdn, Standard_Microsoft, Standard_Verizon, StandardPlus_955BandWidth_ChinaCdn, StandardPlus_AvgBandWidth_ChinaCdn, StandardPlus_ChinaCdn]` + +### Parameter: `tags` + +Endpoint tags. +- Required: No +- Type: object +- Default: `{object}` + + +## Outputs + +| Output | Type | Description | +| :-- | :-- | :-- | +| `location` | string | The location the resource was deployed into. | +| `name` | string | The name of the CDN profile. | +| `profileType` | string | The type of the CDN profile. | +| `resourceGroupName` | string | The resource group where the CDN profile is deployed. | +| `resourceId` | string | The resource ID of the CDN profile. | + +## Cross-referenced modules + +_None_ diff --git a/modules/cdn/profile/afdEndpoint/README.md b/modules/cdn/profile/afdEndpoint/README.md index 92b71cb16f..6668c13e76 100644 --- a/modules/cdn/profile/afdEndpoint/README.md +++ b/modules/cdn/profile/afdEndpoint/README.md @@ -20,31 +20,87 @@ This module deploys a CDN Profile AFD Endpoint. **Required parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `name` | string | The name of the AFD Endpoint. | +| [`name`](#parameter-name) | string | The name of the AFD Endpoint. | **Conditional parameters** -| Parameter Name | Type | Description | +| Parameter | Type | Description | | :-- | :-- | :-- | -| `profileName` | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. Required if the template is used in a standalone deployment. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `autoGeneratedDomainNameLabelScope` | string | `'TenantReuse'` | `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` | Indicates the endpoint name reuse scope. The default value is TenantReuse. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. | -| `location` | string | `[resourceGroup().location]` | | The location of the AFD Endpoint. | -| `routes` | array | `[]` | | The list of routes for this AFD Endpoint. | -| `tags` | object | `{object}` | | The tags of the AFD Endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`autoGeneratedDomainNameLabelScope`](#parameter-autogenerateddomainnamelabelscope) | string | Indicates the endpoint name reuse scope. The default value is TenantReuse. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | Indicates whether the AFD Endpoint is enabled. The default value is Enabled. | +| [`location`](#parameter-location) | string | The location of the AFD Endpoint. | +| [`routes`](#parameter-routes) | array | The list of routes for this AFD Endpoint. | +| [`tags`](#parameter-tags) | object | The tags of the AFD Endpoint. | + +### Parameter: `autoGeneratedDomainNameLabelScope` + +Indicates the endpoint name reuse scope. The default value is TenantReuse. +- Required: No +- Type: string +- Default: `'TenantReuse'` +- Allowed: `[NoReuse, ResourceGroupReuse, SubscriptionReuse, TenantReuse]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Indicates whether the AFD Endpoint is enabled. The default value is Enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `location` + +The location of the AFD Endpoint. +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `name` + +The name of the AFD Endpoint. +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. +- Required: Yes +- Type: string + +### Parameter: `routes` + +The list of routes for this AFD Endpoint. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `tags` + +The tags of the AFD Endpoint. +- Required: No +- Type: object +- Default: `{object}` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the AFD Endpoint. | diff --git a/modules/cdn/profile/afdEndpoint/route/README.md b/modules/cdn/profile/afdEndpoint/route/README.md index ee07973325..5b63f03281 100644 --- a/modules/cdn/profile/afdEndpoint/route/README.md +++ b/modules/cdn/profile/afdEndpoint/route/README.md @@ -19,33 +19,139 @@ This module deploys a CDN Profile AFD Endpoint route. **Required parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `afdEndpointName` | string | | The name of the AFD endpoint. | -| `name` | string | | The name of the route. | -| `originGroupName` | string | `''` | The name of the origin group. The origin group must be defined in the profile originGroups. | -| `profileName` | string | | The name of the parent CDN profile. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`afdEndpointName`](#parameter-afdendpointname) | string | The name of the AFD endpoint. | +| [`name`](#parameter-name) | string | The name of the route. | +| [`originGroupName`](#parameter-origingroupname) | string | The name of the origin group. The origin group must be defined in the profile originGroups. | +| [`profileName`](#parameter-profilename) | string | The name of the parent CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `cacheConfiguration` | object | `{object}` | | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | -| `customDomainName` | string | | | The name of the custom domain. The custom domain must be defined in the profile customDomains. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `enabledState` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route is enabled. | -| `forwardingProtocol` | string | `'MatchRequest'` | `[HttpOnly, HttpsOnly, MatchRequest]` | The protocol this rule will use when forwarding traffic to backends. | -| `httpsRedirect` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether to automatically redirect HTTP traffic to HTTPS traffic. | -| `linkToDefaultDomain` | string | `'Enabled'` | `[Disabled, Enabled]` | Whether this route will be linked to the default endpoint domain. | -| `originPath` | string | `''` | | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | -| `patternsToMatch` | array | `[]` | | The route patterns of the rule. | -| `ruleSets` | array | `[]` | | The rule sets of the rule. The rule sets must be defined in the profile ruleSets. | -| `supportedProtocols` | array | `[]` | `[Http, Https]` | The supported protocols of the rule. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`cacheConfiguration`](#parameter-cacheconfiguration) | object | The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. | +| [`customDomainName`](#parameter-customdomainname) | string | The name of the custom domain. The custom domain must be defined in the profile customDomains. | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`enabledState`](#parameter-enabledstate) | string | Whether this route is enabled. | +| [`forwardingProtocol`](#parameter-forwardingprotocol) | string | The protocol this rule will use when forwarding traffic to backends. | +| [`httpsRedirect`](#parameter-httpsredirect) | string | Whether to automatically redirect HTTP traffic to HTTPS traffic. | +| [`linkToDefaultDomain`](#parameter-linktodefaultdomain) | string | Whether this route will be linked to the default endpoint domain. | +| [`originPath`](#parameter-originpath) | string | A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. | +| [`patternsToMatch`](#parameter-patternstomatch) | array | The route patterns of the rule. | +| [`ruleSets`](#parameter-rulesets) | array | The rule sets of the rule. The rule sets must be defined in the profile ruleSets. | +| [`supportedProtocols`](#parameter-supportedprotocols) | array | The supported protocols of the rule. | + +### Parameter: `afdEndpointName` + +The name of the AFD endpoint. +- Required: Yes +- Type: string + +### Parameter: `cacheConfiguration` + +The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `customDomainName` + +The name of the custom domain. The custom domain must be defined in the profile customDomains. +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enabledState` + +Whether this route is enabled. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `forwardingProtocol` + +The protocol this rule will use when forwarding traffic to backends. +- Required: No +- Type: string +- Default: `'MatchRequest'` +- Allowed: `[HttpOnly, HttpsOnly, MatchRequest]` + +### Parameter: `httpsRedirect` + +Whether to automatically redirect HTTP traffic to HTTPS traffic. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `linkToDefaultDomain` + +Whether this route will be linked to the default endpoint domain. +- Required: No +- Type: string +- Default: `'Enabled'` +- Allowed: `[Disabled, Enabled]` + +### Parameter: `name` + +The name of the route. +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the origin group. The origin group must be defined in the profile originGroups. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `originPath` + +A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `patternsToMatch` + +The route patterns of the rule. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `profileName` + +The name of the parent CDN profile. +- Required: Yes +- Type: string + +### Parameter: `ruleSets` + +The rule sets of the rule. The rule sets must be defined in the profile ruleSets. +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `supportedProtocols` + +The supported protocols of the rule. +- Required: No +- Type: array +- Default: `[]` +- Allowed: `[Http, Https]` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the route. | | `resourceGroupName` | string | The name of the resource group the route was created in. | diff --git a/modules/cdn/profile/customdomain/README.md b/modules/cdn/profile/customdomain/README.md index 87399b9693..57363db2c1 100644 --- a/modules/cdn/profile/customdomain/README.md +++ b/modules/cdn/profile/customdomain/README.md @@ -19,33 +19,101 @@ This module deploys a CDN Profile Custom Domains. **Required parameters** -| Parameter Name | Type | Allowed Values | Description | -| :-- | :-- | :-- | :-- | -| `certificateType` | string | `[CustomerCertificate, ManagedCertificate]` | The type of the certificate used for secure delivery. | -| `hostName` | string | | The host name of the domain. Must be a domain name. | -| `name` | string | | The name of the custom domain. | -| `profileName` | string | | The name of the CDN profile. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`certificateType`](#parameter-certificatetype) | string | The type of the certificate used for secure delivery. | +| [`hostName`](#parameter-hostname) | string | The host name of the domain. Must be a domain name. | +| [`name`](#parameter-name) | string | The name of the custom domain. | +| [`profileName`](#parameter-profilename) | string | The name of the CDN profile. | **Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via a Globally Unique Identifier (GUID). | -| `extendedProperties` | object | `{object}` | | Key-Value pair representing migration properties for domains. | -| `minimumTlsVersion` | string | `'TLS12'` | `[TLS10, TLS12]` | The minimum TLS version required for the custom domain. Default value: TLS12. | -| `preValidatedCustomDomainResourceId` | string | `''` | | Resource reference to the Azure resource where custom domain ownership was prevalidated. | -| `secretName` | string | `''` | | The name of the secret. ie. subs/rg/profile/secret. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +| [`extendedProperties`](#parameter-extendedproperties) | object | Key-Value pair representing migration properties for domains. | +| [`minimumTlsVersion`](#parameter-minimumtlsversion) | string | The minimum TLS version required for the custom domain. Default value: TLS12. | +| [`preValidatedCustomDomainResourceId`](#parameter-prevalidatedcustomdomainresourceid) | string | Resource reference to the Azure resource where custom domain ownership was prevalidated. | +| [`secretName`](#parameter-secretname) | string | The name of the secret. ie. subs/rg/profile/secret. | **Optonal parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `azureDnsZoneResourceId` | string | `''` | Resource reference to the Azure DNS zone. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`azureDnsZoneResourceId`](#parameter-azurednszoneresourceid) | string | Resource reference to the Azure DNS zone. | + +### Parameter: `azureDnsZoneResourceId` + +Resource reference to the Azure DNS zone. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `certificateType` + +The type of the certificate used for secure delivery. +- Required: Yes +- Type: string +- Allowed: `[CustomerCertificate, ManagedCertificate]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `extendedProperties` + +Key-Value pair representing migration properties for domains. +- Required: No +- Type: object +- Default: `{object}` + +### Parameter: `hostName` + +The host name of the domain. Must be a domain name. +- Required: Yes +- Type: string + +### Parameter: `minimumTlsVersion` + +The minimum TLS version required for the custom domain. Default value: TLS12. +- Required: No +- Type: string +- Default: `'TLS12'` +- Allowed: `[TLS10, TLS12]` + +### Parameter: `name` + +The name of the custom domain. +- Required: Yes +- Type: string + +### Parameter: `preValidatedCustomDomainResourceId` + +Resource reference to the Azure resource where custom domain ownership was prevalidated. +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileName` + +The name of the CDN profile. +- Required: Yes +- Type: string + +### Parameter: `secretName` + +The name of the secret. ie. subs/rg/profile/secret. +- Required: No +- Type: string +- Default: `''` ## Outputs -| Output Name | Type | Description | +| Output | Type | Description | | :-- | :-- | :-- | | `name` | string | The name of the custom domain. | | `resourceGroupName` | string | The name of the resource group the custom domain was created in. | From de3fb8e458dfe007cb29fba3bec3164117e032fc Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 15 Oct 2023 00:57:18 +0200 Subject: [PATCH 2/5] Small fixes --- modules/automation/automation-account/README.md | 8 +++++++- modules/batch/batch-account/README.md | 6 +++++- modules/cache/redis-enterprise/README.md | 6 +++++- modules/cache/redis/README.md | 6 +++++- 4 files changed, 22 insertions(+), 4 deletions(-) diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index e96f321154..6f5088347e 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -884,4 +884,10 @@ List of variables to be created in the automation account. ## Cross-referenced modules -_None_ +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | +| `modules/operational-insights/workspace/linked-service` | Local reference | +| `modules/operations-management/solution` | Local reference | diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index 5973940d4e..f51dc01ad5 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -613,4 +613,8 @@ The ID(s) to assign to the resource. ## Cross-referenced modules -_None_ +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 8b53290b88..1d1016e511 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -574,4 +574,8 @@ When true, the cluster will be deployed across availability zones. ## Cross-referenced modules -_None_ +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index f69967d887..b2ac99a06d 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -527,7 +527,11 @@ If the zoneRedundant parameter is true, replicas will be provisioned in the avai ## Cross-referenced modules -_None_ +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | ## Notes From fa4f303cb7fcf5da2a841d5259937e8780298b62 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 15 Oct 2023 18:37:49 +0200 Subject: [PATCH 3/5] Fixed templates --- modules/aad/domain-service/.test/common/main.test.bicep | 4 ++-- modules/analysis-services/server/.test/common/main.test.bicep | 4 ++-- modules/analysis-services/server/.test/min/main.test.bicep | 4 ++-- modules/api-management/service/.test/common/main.test.bicep | 4 ++-- modules/api-management/service/.test/min/main.test.bicep | 4 ++-- .../configuration-store/.test/common/main.test.bicep | 4 ++-- .../configuration-store/.test/min/main.test.bicep | 4 ++-- modules/app/container-app/.test/common/main.test.bicep | 4 ++-- modules/app/container-app/.test/min/main.test.bicep | 4 ++-- modules/app/managed-environment/.test/common/main.test.bicep | 4 ++-- modules/app/managed-environment/.test/min/main.test.bicep | 4 ++-- modules/authorization/lock/.test/common/main.test.bicep | 4 ++-- .../automation-account/.test/common/main.test.bicep | 4 ++-- .../automation/automation-account/.test/min/main.test.bicep | 4 ++-- modules/batch/batch-account/.test/common/main.test.bicep | 4 ++-- modules/batch/batch-account/.test/min/main.test.bicep | 4 ++-- modules/cache/redis-enterprise/.test/common/main.test.bicep | 4 ++-- modules/cache/redis-enterprise/.test/min/main.test.bicep | 4 ++-- modules/cache/redis/.test/common/main.test.bicep | 4 ++-- modules/cache/redis/.test/min/main.test.bicep | 4 ++-- modules/cdn/profile/.test/common/main.test.bicep | 4 ++-- 21 files changed, 42 insertions(+), 42 deletions(-) diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index bc19dc1260..815ecd6e53 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep index 8eeb6518dd..62f944bb6b 100644 --- a/modules/analysis-services/server/.test/common/main.test.bicep +++ b/modules/analysis-services/server/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/analysis-services/server/.test/min/main.test.bicep b/modules/analysis-services/server/.test/min/main.test.bicep index 3d2c998523..e89ac48c07 100644 --- a/modules/analysis-services/server/.test/min/main.test.bicep +++ b/modules/analysis-services/server/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/api-management/service/.test/common/main.test.bicep b/modules/api-management/service/.test/common/main.test.bicep index 0a923c3d3c..c2a3bdec17 100644 --- a/modules/api-management/service/.test/common/main.test.bicep +++ b/modules/api-management/service/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/api-management/service/.test/min/main.test.bicep b/modules/api-management/service/.test/min/main.test.bicep index 7c8a6f9a26..f4e9fd87a5 100644 --- a/modules/api-management/service/.test/min/main.test.bicep +++ b/modules/api-management/service/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/app-configuration/configuration-store/.test/common/main.test.bicep b/modules/app-configuration/configuration-store/.test/common/main.test.bicep index e359741a94..ff21b6be49 100644 --- a/modules/app-configuration/configuration-store/.test/common/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/app-configuration/configuration-store/.test/min/main.test.bicep b/modules/app-configuration/configuration-store/.test/min/main.test.bicep index f1508db465..8770a7a8ca 100644 --- a/modules/app-configuration/configuration-store/.test/min/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/app/container-app/.test/common/main.test.bicep b/modules/app/container-app/.test/common/main.test.bicep index 2dc156fd4e..f9066abc21 100644 --- a/modules/app/container-app/.test/common/main.test.bicep +++ b/modules/app/container-app/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/app/container-app/.test/min/main.test.bicep b/modules/app/container-app/.test/min/main.test.bicep index ae238c70c6..8969d7e6e3 100644 --- a/modules/app/container-app/.test/min/main.test.bicep +++ b/modules/app/container-app/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep index 8954fe15d5..8df9011bb6 100644 --- a/modules/app/managed-environment/.test/common/main.test.bicep +++ b/modules/app/managed-environment/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/app/managed-environment/.test/min/main.test.bicep b/modules/app/managed-environment/.test/min/main.test.bicep index 2aebf604c6..ceab992425 100644 --- a/modules/app/managed-environment/.test/min/main.test.bicep +++ b/modules/app/managed-environment/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/authorization/lock/.test/common/main.test.bicep b/modules/authorization/lock/.test/common/main.test.bicep index dc1cf363cb..c77b977511 100644 --- a/modules/authorization/lock/.test/common/main.test.bicep +++ b/modules/authorization/lock/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep index 7baf4a71e8..ff5f89d57a 100644 --- a/modules/automation/automation-account/.test/common/main.test.bicep +++ b/modules/automation/automation-account/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/automation/automation-account/.test/min/main.test.bicep b/modules/automation/automation-account/.test/min/main.test.bicep index 17dcbd734b..3156e8971b 100644 --- a/modules/automation/automation-account/.test/min/main.test.bicep +++ b/modules/automation/automation-account/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index 54e95332e1..2947bb7589 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/batch/batch-account/.test/min/main.test.bicep b/modules/batch/batch-account/.test/min/main.test.bicep index 7c813c5976..8d213101ab 100644 --- a/modules/batch/batch-account/.test/min/main.test.bicep +++ b/modules/batch/batch-account/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/cache/redis-enterprise/.test/common/main.test.bicep b/modules/cache/redis-enterprise/.test/common/main.test.bicep index b1f24303f4..d1b34f5219 100644 --- a/modules/cache/redis-enterprise/.test/common/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/cache/redis-enterprise/.test/min/main.test.bicep b/modules/cache/redis-enterprise/.test/min/main.test.bicep index 6d6d533981..19ab84407e 100644 --- a/modules/cache/redis-enterprise/.test/min/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/cache/redis/.test/common/main.test.bicep b/modules/cache/redis/.test/common/main.test.bicep index 9b177c2fd2..d997cb81a8 100644 --- a/modules/cache/redis/.test/common/main.test.bicep +++ b/modules/cache/redis/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // diff --git a/modules/cache/redis/.test/min/main.test.bicep b/modules/cache/redis/.test/min/main.test.bicep index 424f7feb2e..4ab171428a 100644 --- a/modules/cache/redis/.test/min/main.test.bicep +++ b/modules/cache/redis/.test/min/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using Maximum Parameters' -metadata description = 'This instance deploys the module with the large set of possible parameters.' +metadata name = 'Using only defaults' +metadata description = 'This instance deploys the module with the minimum set of required parameters.' // ========== // // Parameters // diff --git a/modules/cdn/profile/.test/common/main.test.bicep b/modules/cdn/profile/.test/common/main.test.bicep index 82d13259b2..e42c4fccfd 100644 --- a/modules/cdn/profile/.test/common/main.test.bicep +++ b/modules/cdn/profile/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using only defaults' -metadata description = 'This instance deploys the module with the minimum set of required parameters.' +metadata name = 'Using a large set of parameters' +metadata description = 'This instance deploys the module with a large set of possible parameters.' // ========== // // Parameters // From b2e46566093dd474644800d9fbf10c51ebec9e21 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Sun, 15 Oct 2023 19:27:39 +0200 Subject: [PATCH 4/5] Regen --- .../.test/common/main.test.bicep | 4 ++-- modules/aad/domain-service/README.md | 6 +++--- .../server/.test/common/main.test.bicep | 4 ++-- modules/analysis-services/server/README.md | 12 ++++++------ .../service/.test/common/main.test.bicep | 4 ++-- modules/api-management/service/README.md | 12 ++++++------ .../.test/common/main.test.bicep | 4 ++-- .../configuration-store/README.md | 18 +++++++++++------- .../container-app/.test/common/main.test.bicep | 4 ++-- modules/app/container-app/README.md | 12 ++++++------ .../.test/common/main.test.bicep | 4 ++-- modules/app/managed-environment/README.md | 12 ++++++------ .../lock/.test/common/main.test.bicep | 4 ++-- modules/authorization/lock/README.md | 6 +++--- .../.test/common/main.test.bicep | 4 ++-- .../automation/automation-account/README.md | 12 ++++++------ .../batch-account/.test/common/main.test.bicep | 4 ++-- modules/batch/batch-account/README.md | 12 ++++++------ .../.test/common/main.test.bicep | 4 ++-- modules/cache/redis-enterprise/README.md | 12 ++++++------ .../cache/redis/.test/common/main.test.bicep | 4 ++-- modules/cache/redis/README.md | 12 ++++++------ .../cdn/profile/.test/common/main.test.bicep | 4 ++-- modules/cdn/profile/README.md | 6 +++--- 24 files changed, 92 insertions(+), 88 deletions(-) diff --git a/modules/aad/domain-service/.test/common/main.test.bicep b/modules/aad/domain-service/.test/common/main.test.bicep index 815ecd6e53..6df70643ed 100644 --- a/modules/aad/domain-service/.test/common/main.test.bicep +++ b/modules/aad/domain-service/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index b668b1ccda..2259267cb5 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -29,11 +29,11 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/aad.domain-service:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.

diff --git a/modules/analysis-services/server/.test/common/main.test.bicep b/modules/analysis-services/server/.test/common/main.test.bicep index 62f944bb6b..527c3c1c71 100644 --- a/modules/analysis-services/server/.test/common/main.test.bicep +++ b/modules/analysis-services/server/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 979b23fe72..12ee712f96 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -28,13 +28,13 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/analysis-services.server:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Max](#example-2-max) -- [Using Maximum Parameters](#example-3-using-maximum-parameters) +- [Using only defaults](#example-3-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -269,9 +269,9 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = {

-### Example 3: _Using Maximum Parameters_ +### Example 3: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/api-management/service/.test/common/main.test.bicep b/modules/api-management/service/.test/common/main.test.bicep index c2a3bdec17..d00d8943f8 100644 --- a/modules/api-management/service/.test/common/main.test.bicep +++ b/modules/api-management/service/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index 140a3c756e..fa6eabd17b 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -43,13 +43,13 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/api-management.service:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Max](#example-2-max) -- [Using Maximum Parameters](#example-3-using-maximum-parameters) +- [Using only defaults](#example-3-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -540,9 +540,9 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = {

-### Example 3: _Using Maximum Parameters_ +### Example 3: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/app-configuration/configuration-store/.test/common/main.test.bicep b/modules/app-configuration/configuration-store/.test/common/main.test.bicep index ff21b6be49..9c5e54e5f8 100644 --- a/modules/app-configuration/configuration-store/.test/common/main.test.bicep +++ b/modules/app-configuration/configuration-store/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index 2e9907827d..ed60cb9ef7 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -31,13 +31,13 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app-configuration.configuration-store:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) -- [Using Maximum Parameters](#example-2-using-maximum-parameters) +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) - [Pe](#example-3-pe) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -189,9 +189,9 @@ module configurationStore 'br:bicep/modules/app-configuration.configuration-stor

-### Example 2: _Using Maximum Parameters_ +### Example 2: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

@@ -559,4 +559,8 @@ The ID(s) to assign to the resource. ## Cross-referenced modules -_None_ +This section gives you an overview of all local-referenced module files (i.e., other CARML modules that are referenced in this module) and all remote-referenced files (i.e., Bicep modules that are referenced from a Bicep Registry or Template Specs). + +| Reference | Type | +| :-- | :-- | +| `modules/network/private-endpoint` | Local reference | diff --git a/modules/app/container-app/.test/common/main.test.bicep b/modules/app/container-app/.test/common/main.test.bicep index f9066abc21..9667da2fbe 100644 --- a/modules/app/container-app/.test/common/main.test.bicep +++ b/modules/app/container-app/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 84b6f9d314..e89d34f250 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -27,12 +27,12 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.container-app:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) -- [Using Maximum Parameters](#example-2-using-maximum-parameters) +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -182,9 +182,9 @@ module containerApp 'br:bicep/modules/app.container-app:1.0.0' = {

-### Example 2: _Using Maximum Parameters_ +### Example 2: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/app/managed-environment/.test/common/main.test.bicep b/modules/app/managed-environment/.test/common/main.test.bicep index 8df9011bb6..6a3a769e96 100644 --- a/modules/app/managed-environment/.test/common/main.test.bicep +++ b/modules/app/managed-environment/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index f12da955fd..c998bbb2ae 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -27,12 +27,12 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/app.managed-environment:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) -- [Using Maximum Parameters](#example-2-using-maximum-parameters) +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -124,9 +124,9 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = {

-### Example 2: _Using Maximum Parameters_ +### Example 2: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/authorization/lock/.test/common/main.test.bicep b/modules/authorization/lock/.test/common/main.test.bicep index c77b977511..aa9099f4a9 100644 --- a/modules/authorization/lock/.test/common/main.test.bicep +++ b/modules/authorization/lock/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md index 2cc23f129d..9e8471cdc8 100644 --- a/modules/authorization/lock/README.md +++ b/modules/authorization/lock/README.md @@ -25,11 +25,11 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/authorization.lock:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
diff --git a/modules/automation/automation-account/.test/common/main.test.bicep b/modules/automation/automation-account/.test/common/main.test.bicep index ff5f89d57a..7bfe9ab16b 100644 --- a/modules/automation/automation-account/.test/common/main.test.bicep +++ b/modules/automation/automation-account/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 6f5088347e..135a8206dc 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -38,13 +38,13 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/automation.automation-account:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Encr](#example-2-encr) -- [Using Maximum Parameters](#example-3-using-maximum-parameters) +- [Using only defaults](#example-3-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -553,9 +553,9 @@ module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0'

-### Example 3: _Using Maximum Parameters_ +### Example 3: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/batch/batch-account/.test/common/main.test.bicep b/modules/batch/batch-account/.test/common/main.test.bicep index 2947bb7589..b81a0e4036 100644 --- a/modules/batch/batch-account/.test/common/main.test.bicep +++ b/modules/batch/batch-account/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index f51dc01ad5..a38576d4dd 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -30,13 +30,13 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/batch.batch-account:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Encr](#example-2-encr) -- [Using Maximum Parameters](#example-3-using-maximum-parameters) +- [Using only defaults](#example-3-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -309,9 +309,9 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = {

-### Example 3: _Using Maximum Parameters_ +### Example 3: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/cache/redis-enterprise/.test/common/main.test.bicep b/modules/cache/redis-enterprise/.test/common/main.test.bicep index d1b34f5219..70adc46f2c 100644 --- a/modules/cache/redis-enterprise/.test/common/main.test.bicep +++ b/modules/cache/redis-enterprise/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 1d1016e511..3bb04f1949 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -31,13 +31,13 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis-enterprise:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) +- [Using large parameter set](#example-1-using-large-parameter-set) - [Geo](#example-2-geo) -- [Using Maximum Parameters](#example-3-using-maximum-parameters) +- [Using only defaults](#example-3-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -344,9 +344,9 @@ module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = {

-### Example 3: _Using Maximum Parameters_ +### Example 3: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/cache/redis/.test/common/main.test.bicep b/modules/cache/redis/.test/common/main.test.bicep index d997cb81a8..5428f2e9cb 100644 --- a/modules/cache/redis/.test/common/main.test.bicep +++ b/modules/cache/redis/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index b2ac99a06d..3db14990e1 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -31,12 +31,12 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cache.redis:1.0.0`. -- [Using only defaults](#example-1-using-only-defaults) -- [Using Maximum Parameters](#example-2-using-maximum-parameters) +- [Using large parameter set](#example-1-using-large-parameter-set) +- [Using only defaults](#example-2-using-only-defaults) -### Example 1: _Using only defaults_ +### Example 1: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.
@@ -196,9 +196,9 @@ module redis 'br:bicep/modules/cache.redis:1.0.0' = {

-### Example 2: _Using Maximum Parameters_ +### Example 2: _Using only defaults_ -This instance deploys the module with the large set of possible parameters. +This instance deploys the module with the minimum set of required parameters.

diff --git a/modules/cdn/profile/.test/common/main.test.bicep b/modules/cdn/profile/.test/common/main.test.bicep index e42c4fccfd..d8dcf730f7 100644 --- a/modules/cdn/profile/.test/common/main.test.bicep +++ b/modules/cdn/profile/.test/common/main.test.bicep @@ -1,7 +1,7 @@ targetScope = 'subscription' -metadata name = 'Using a large set of parameters' -metadata description = 'This instance deploys the module with a large set of possible parameters.' +metadata name = 'Using large parameter set' +metadata description = 'This instance deploys the module with most of its features enabled.' // ========== // // Parameters // diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index 942a3553a2..c6f5f8df2c 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -38,7 +38,7 @@ The following module usage examples are retrieved from the content of the files >**Note**: To reference the module, please use the following syntax `br:bicep/modules/cdn.profile:1.0.0`. - [Afd](#example-1-afd) -- [Using only defaults](#example-2-using-only-defaults) +- [Using large parameter set](#example-2-using-large-parameter-set) ### Example 1: _Afd_ @@ -255,9 +255,9 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = {

-### Example 2: _Using only defaults_ +### Example 2: _Using large parameter set_ -This instance deploys the module with the minimum set of required parameters. +This instance deploys the module with most of its features enabled.

From 088227785e803fbc038496c6222fea6a26b0df25 Mon Sep 17 00:00:00 2001 From: AlexanderSehr Date: Mon, 16 Oct 2023 12:55:21 +0200 Subject: [PATCH 5/5] Renamed header --- modules/aad/domain-service/README.md | 2 +- modules/analysis-services/server/README.md | 2 +- modules/api-management/service/README.md | 2 +- modules/app-configuration/configuration-store/README.md | 2 +- modules/app/container-app/README.md | 2 +- modules/app/managed-environment/README.md | 2 +- modules/authorization/lock/README.md | 2 +- modules/authorization/policy-assignment/README.md | 2 +- modules/authorization/policy-definition/README.md | 2 +- modules/authorization/policy-exemption/README.md | 2 +- modules/authorization/policy-set-definition/README.md | 2 +- modules/authorization/role-assignment/README.md | 2 +- modules/authorization/role-definition/README.md | 2 +- modules/automation/automation-account/README.md | 2 +- modules/batch/batch-account/README.md | 2 +- modules/cache/redis-enterprise/README.md | 2 +- modules/cache/redis/README.md | 2 +- modules/cdn/profile/README.md | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-) diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index 2259267cb5..8803a840aa 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -22,7 +22,7 @@ This module deploys an Azure Active Directory Domain Services (AADDS). ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 12ee712f96..e51e44040a 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -21,7 +21,7 @@ This module deploys an Analysis Services Server. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index fa6eabd17b..a5e33b4cae 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -36,7 +36,7 @@ This module deploys an API Management Service. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index ed60cb9ef7..eb65704810 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -24,7 +24,7 @@ This module deploys an App Configuration Store. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index e89d34f250..5b3b27ad5c 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -20,7 +20,7 @@ This module deploys a Container App. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index c998bbb2ae..980eb7a04c 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -20,7 +20,7 @@ This module deploys an App Managed Environment (also known as a Container App En ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md index 9e8471cdc8..abc4f9706c 100644 --- a/modules/authorization/lock/README.md +++ b/modules/authorization/lock/README.md @@ -18,7 +18,7 @@ This module deploys an Authorization Lock at a Subscription or Resource Group sc ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/policy-assignment/README.md b/modules/authorization/policy-assignment/README.md index ca9b521a61..a74ad84ead 100644 --- a/modules/authorization/policy-assignment/README.md +++ b/modules/authorization/policy-assignment/README.md @@ -20,7 +20,7 @@ This module deploys a Policy Assignment at a Management Group, Subscription or R ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/policy-definition/README.md b/modules/authorization/policy-definition/README.md index fd75694735..0ab10d1680 100644 --- a/modules/authorization/policy-definition/README.md +++ b/modules/authorization/policy-definition/README.md @@ -19,7 +19,7 @@ This module deploys a Policy Definition at a Management Group or Subscription sc ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/policy-exemption/README.md b/modules/authorization/policy-exemption/README.md index 948638c525..8fc662328a 100644 --- a/modules/authorization/policy-exemption/README.md +++ b/modules/authorization/policy-exemption/README.md @@ -19,7 +19,7 @@ This module deploys a Policy Exemption at a Management Group, Subscription or Re ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/policy-set-definition/README.md b/modules/authorization/policy-set-definition/README.md index 1022488350..fdedfe70d8 100644 --- a/modules/authorization/policy-set-definition/README.md +++ b/modules/authorization/policy-set-definition/README.md @@ -19,7 +19,7 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group o ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/role-assignment/README.md b/modules/authorization/role-assignment/README.md index 6db1e43c7f..5d881fcdaf 100644 --- a/modules/authorization/role-assignment/README.md +++ b/modules/authorization/role-assignment/README.md @@ -19,7 +19,7 @@ This module deploys a Role Assignment at a Management Group, Subscription or Res ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/authorization/role-definition/README.md b/modules/authorization/role-definition/README.md index e0cb4fe512..ca8b5c2988 100644 --- a/modules/authorization/role-definition/README.md +++ b/modules/authorization/role-definition/README.md @@ -19,7 +19,7 @@ This module deploys a Role Definition at a Management Group, Subscription or Res ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index 135a8206dc..524df37508 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -31,7 +31,7 @@ This module deploys an Azure Automation Account. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index a38576d4dd..423bfa5d8d 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -23,7 +23,7 @@ This module deploys a Batch Account. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index 3bb04f1949..ed678b193a 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -24,7 +24,7 @@ This module deploys a Redis Cache Enterprise. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 3db14990e1..1666649d27 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -24,7 +24,7 @@ This module deploys a Redis Cache. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order. diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index c6f5f8df2c..a30f5236fa 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -30,7 +30,7 @@ This module deploys a CDN Profile. ## Usage examples -The following module usage examples are retrieved from the content of the files hosted in the module's `tests` folder. +The following section provides usage examples for the module, which were used to validate and deploy the module successfully. For a full reference, please review the module's test folder in its repository. >**Note**: The name of each example is based on the name of the file from which it is taken. >**Note**: Each example lists all the required parameters first, followed by the rest - each in alphabetical order.