Update to latest

Azure · Dec 27, 2024 · 2625c7d · 2625c7d
1 parent 1c6f376
commit 2625c7d
Show file tree

Hide file tree

Showing 8 changed files with 58 additions and 28 deletions.
diff --git a/avm/ptn/virtual-machine-images/azure-image-builder/README.md b/avm/ptn/virtual-machine-images/azure-image-builder/README.md
@@ -249,6 +249,7 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     // Non-required parameters
     assetsStorageAccountContainerName: '<assetsStorageAccountContainerName>'
     assetsStorageAccountName: '<assetsStorageAccountName>'
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (apvmiaibal - )'
     deploymentsToPerform: '<deploymentsToPerform>'
     imageTemplateCustomizationSteps: [
       {
@@ -336,6 +337,9 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     "assetsStorageAccountName": {
       "value": "<assetsStorageAccountName>"
     },
+    "customAIBRoleDefinitionName": {
+      "value": "Custom Azure Image Builder Image Definition (apvmiaibal - )"
+    },
     "deploymentsToPerform": {
       "value": "<deploymentsToPerform>"
     },
@@ -419,6 +423,7 @@ param imageTemplateImageSource = {
 // Non-required parameters
 param assetsStorageAccountContainerName = '<assetsStorageAccountContainerName>'
 param assetsStorageAccountName = '<assetsStorageAccountName>'
+param customAIBRoleDefinitionName = 'Custom Azure Image Builder Image Definition (apvmiaibal - )'
 param deploymentsToPerform = '<deploymentsToPerform>'
 param imageTemplateCustomizationSteps = [
   {
@@ -496,6 +501,7 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     // Non-required parameters
     assetsStorageAccountContainerName: '<assetsStorageAccountContainerName>'
     assetsStorageAccountName: '<assetsStorageAccountName>'
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (apvmiaibaw - )'
     deploymentsToPerform: '<deploymentsToPerform>'
     imageTemplateCustomizationSteps: [
       {
@@ -584,6 +590,9 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     "assetsStorageAccountName": {
       "value": "<assetsStorageAccountName>"
     },
+    "customAIBRoleDefinitionName": {
+      "value": "Custom Azure Image Builder Image Definition (apvmiaibaw - )"
+    },
     "deploymentsToPerform": {
       "value": "<deploymentsToPerform>"
     },
@@ -670,6 +679,7 @@ param imageTemplateImageSource = {
 // Non-required parameters
 param assetsStorageAccountContainerName = '<assetsStorageAccountContainerName>'
 param assetsStorageAccountName = '<assetsStorageAccountName>'
+param customAIBRoleDefinitionName = 'Custom Azure Image Builder Image Definition (apvmiaibaw - )'
 param deploymentsToPerform = '<deploymentsToPerform>'
 param imageTemplateCustomizationSteps = [
   {
@@ -736,6 +746,7 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     // Non-required parameters
     assetsStorageAccountContainerName: '<assetsStorageAccountContainerName>'
     assetsStorageAccountName: '<assetsStorageAccountName>'
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (apvmiaiboaai - )'
     deploymentScriptManagedIdentityName: '<deploymentScriptManagedIdentityName>'
     deploymentScriptStorageAccountName: '<deploymentScriptStorageAccountName>'
     deploymentScriptSubnetName: '<deploymentScriptSubnetName>'
@@ -801,6 +812,9 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     "assetsStorageAccountName": {
       "value": "<assetsStorageAccountName>"
     },
+    "customAIBRoleDefinitionName": {
+      "value": "Custom Azure Image Builder Image Definition (apvmiaiboaai - )"
+    },
     "deploymentScriptManagedIdentityName": {
       "value": "<deploymentScriptManagedIdentityName>"
     },
@@ -876,6 +890,7 @@ param imageTemplateImageSource = {
 // Non-required parameters
 param assetsStorageAccountContainerName = '<assetsStorageAccountContainerName>'
 param assetsStorageAccountName = '<assetsStorageAccountName>'
+param customAIBRoleDefinitionName = 'Custom Azure Image Builder Image Definition (apvmiaiboaai - )'
 param deploymentScriptManagedIdentityName = '<deploymentScriptManagedIdentityName>'
 param deploymentScriptStorageAccountName = '<deploymentScriptStorageAccountName>'
 param deploymentScriptSubnetName = '<deploymentScriptSubnetName>'
@@ -942,6 +957,7 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     }
     // Non-required parameters
     assetsStorageAccountName: 'stapvmiaibob'
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (apvmiaibob - )'
     deploymentsToPerform: 'Only base'
     imageManagedIdentityName: 'msi-it-apvmiaibob'
     location: '<location>'
@@ -997,6 +1013,9 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
     "assetsStorageAccountName": {
       "value": "stapvmiaibob"
     },
+    "customAIBRoleDefinitionName": {
+      "value": "Custom Azure Image Builder Image Definition (apvmiaibob - )"
+    },
     "deploymentsToPerform": {
       "value": "Only base"
     },
@@ -1048,6 +1067,7 @@ param imageTemplateImageSource = {
 }
 // Non-required parameters
 param assetsStorageAccountName = 'stapvmiaibob'
+param customAIBRoleDefinitionName = 'Custom Azure Image Builder Image Definition (apvmiaibob - )'
 param deploymentsToPerform = 'Only base'
 param imageManagedIdentityName = 'msi-it-apvmiaibob'
 param location = '<location>'
@@ -1082,6 +1102,7 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
       version: 'latest'
     }
     // Non-required parameters
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (apvmiaiboi - )'
     deploymentScriptManagedIdentityName: '<deploymentScriptManagedIdentityName>'
     deploymentScriptStorageAccountName: '<deploymentScriptStorageAccountName>'
     deploymentScriptSubnetName: '<deploymentScriptSubnetName>'
@@ -1135,6 +1156,9 @@ module azureImageBuilder 'br/public:avm/ptn/virtual-machine-images/azure-image-b
       }
     },
     // Non-required parameters
+    "customAIBRoleDefinitionName": {
+      "value": "Custom Azure Image Builder Image Definition (apvmiaiboi - )"
+    },
     "deploymentScriptManagedIdentityName": {
       "value": "<deploymentScriptManagedIdentityName>"
     },
@@ -1200,6 +1224,7 @@ param imageTemplateImageSource = {
   version: 'latest'
 }
 // Non-required parameters
+param customAIBRoleDefinitionName = 'Custom Azure Image Builder Image Definition (apvmiaiboi - )'
 param deploymentScriptManagedIdentityName = '<deploymentScriptManagedIdentityName>'
 param deploymentScriptStorageAccountName = '<deploymentScriptStorageAccountName>'
 param deploymentScriptSubnetName = '<deploymentScriptSubnetName>'
@@ -1237,10 +1262,10 @@ param virtualNetworkName = '<virtualNetworkName>'
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
-| [`aibRoleDefinitionName`](#parameter-aibroledefinitionname) | string | Then name of the AIB role definition to create. |
 | [`assetsStorageAccountContainerName`](#parameter-assetsstorageaccountcontainername) | string | The name of container in the Storage Account. |
 | [`assetsStorageAccountName`](#parameter-assetsstorageaccountname) | string | The name of the storage account. Only needed if you want to upload scripts to be used during image baking. |
-| [`deployAndUseCustomRoleDefinition`](#parameter-deployandusecustomroledefinition) | bool | Define whether or not to deploy a custom, least priviledge, role for the Azure Image Builder on a subscription level and apply it to the deployed managed identities on the resource group level. If set to false, the Contributor role is applied instead. |
+| [`customAIBRoleDefinitionName`](#parameter-customaibroledefinitionname) | string | Then name of the AIB role definition to create. |
+| [`deployAndUseCustomAIBRoleDefinition`](#parameter-deployandusecustomaibroledefinition) | bool | Define whether or not to deploy a custom, least priviledge, role for the Azure Image Builder on a subscription level and apply it to the deployed managed identities on the resource group level. If set to false, the Contributor role is applied instead. |
 | [`deploymentScriptManagedIdentityName`](#parameter-deploymentscriptmanagedidentityname) | string | The name of the Managed Identity used by deployment scripts. |
 | [`deploymentScriptStorageAccountName`](#parameter-deploymentscriptstorageaccountname) | string | The name of the storage account. |
 | [`deploymentScriptSubnetName`](#parameter-deploymentscriptsubnetname) | string | The name of the Image Template Virtual Network Subnet to create. |
@@ -1593,14 +1618,6 @@ The image source to use for the Image Template.
 - Required: Yes
 - Type: object
 
-### Parameter: `aibRoleDefinitionName`
-
-Then name of the AIB role definition to create.
-
-- Required: No
-- Type: string
-- Default: `'Custom Azure Image Builder Image Definition'`
-
 ### Parameter: `assetsStorageAccountContainerName`
 
 The name of container in the Storage Account.
@@ -1616,7 +1633,15 @@ The name of the storage account. Only needed if you want to upload scripts to be
 - Required: No
 - Type: string
 
-### Parameter: `deployAndUseCustomRoleDefinition`
+### Parameter: `customAIBRoleDefinitionName`
+
+Then name of the AIB role definition to create.
+
+- Required: No
+- Type: string
+- Default: `'Custom Azure Image Builder Image Definition'`
+
+### Parameter: `deployAndUseCustomAIBRoleDefinition`
 
 Define whether or not to deploy a custom, least priviledge, role for the Azure Image Builder on a subscription level and apply it to the deployed managed identities on the resource group level. If set to false, the Contributor role is applied instead.
 

diff --git a/avm/ptn/virtual-machine-images/azure-image-builder/main.bicep b/avm/ptn/virtual-machine-images/azure-image-builder/main.bicep
@@ -32,10 +32,10 @@ param deploymentScriptManagedIdentityName string = 'msi-ds'
 param imageManagedIdentityName string = 'msi-aib'
 
 @description('Optional. Then name of the AIB role definition to create.')
-param aibRoleDefinitionName string = 'Custom Azure Image Builder Image Definition'
+param customAIBRoleDefinitionName string = 'Custom Azure Image Builder Image Definition'
 
 @description('Optional. Define whether or not to deploy a custom, least priviledge, role for the Azure Image Builder on a subscription level and apply it to the deployed managed identities on the resource group level. If set to false, the Contributor role is applied instead.')
-param deployAndUseCustomRoleDefinition bool = true
+param deployAndUseCustomAIBRoleDefinition bool = true
 
 // Azure Compute Gallery Parameters
 @description('Required. The name of the Azure Compute Gallery.')
@@ -182,10 +182,10 @@ module imageMSI 'br/public:avm/res/managed-identity/user-assigned-identity:0.4.0
 }
 
 // Custom role
-resource aibRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = if (deployAndUseCustomRoleDefinition) {
-  name: guid(subscription().id, aibRoleDefinitionName)
+resource aibRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01' = if (deployAndUseCustomAIBRoleDefinition) {
+  name: guid(subscription().id, customAIBRoleDefinitionName)
   properties: {
-    roleName: aibRoleDefinitionName
+    roleName: customAIBRoleDefinitionName
     description: 'Image Builder access to create & access resources for the image build.'
     type: 'customRole'
     permissions: [
@@ -216,7 +216,7 @@ resource aibRoleDefinition 'Microsoft.Authorization/roleDefinitions@2022-04-01'
 }
 
 // MSI RG contributor assignment
-resource contributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = if (!deployAndUseCustomRoleDefinition) {
+resource contributorRole 'Microsoft.Authorization/roleDefinitions@2022-04-01' existing = if (!deployAndUseCustomAIBRoleDefinition) {
   name: 'b24988ac-6180-42a0-ab88-20f7382dd24c' // Contributor
   scope: tenant()
 }
@@ -228,7 +228,7 @@ module imageMSI_rg_rbac 'modules/msi_rbac.bicep' = if (deploymentsToPerform == '
     msiResourceId: (deploymentsToPerform == 'All' || deploymentsToPerform == 'Only base')
       ? imageMSI.outputs.resourceId
       : ''
-    roleDefinitionId: deployAndUseCustomRoleDefinition ? aibRoleDefinition.id : contributorRole.id
+    roleDefinitionId: deployAndUseCustomAIBRoleDefinition ? aibRoleDefinition.id : contributorRole.id
   }
 }
 module imageMSI_aib_rg_rbac 'modules/msi_rbac.bicep' = if ((deploymentsToPerform == 'All' || deploymentsToPerform == 'Only base') && !empty(imageTemplateResourceGroupName)) {
@@ -239,7 +239,7 @@ module imageMSI_aib_rg_rbac 'modules/msi_rbac.bicep' = if ((deploymentsToPerform
     msiResourceId: (deploymentsToPerform == 'All' || deploymentsToPerform == 'Only base')
       ? imageMSI.outputs.resourceId
       : ''
-    roleDefinitionId: deployAndUseCustomRoleDefinition ? aibRoleDefinition.id : contributorRole.id
+    roleDefinitionId: deployAndUseCustomAIBRoleDefinition ? aibRoleDefinition.id : contributorRole.id
   }
 }
 

diff --git a/avm/ptn/virtual-machine-images/azure-image-builder/main.json b/avm/ptn/virtual-machine-images/azure-image-builder/main.json
@@ -6,7 +6,7 @@
     "_generator": {
       "name": "bicep",
       "version": "0.32.4.45862",
-      "templateHash": "11227891723786387080"
+      "templateHash": "11778294758856890530"
     },
     "name": "Custom Images using Azure Image Builder",
     "description": "This module provides you with a packaged solution to create custom images using the Azure Image Builder service publishing to an Azure Compute Gallery.",
@@ -327,14 +327,14 @@
         "description": "Optional. The name of the Managed Identity used by the Azure Image Builder."
       }
     },
-    "aibRoleDefinitionName": {
+    "customAIBRoleDefinitionName": {
       "type": "string",
       "defaultValue": "Custom Azure Image Builder Image Definition",
       "metadata": {
         "description": "Optional. Then name of the AIB role definition to create."
       }
     },
-    "deployAndUseCustomRoleDefinition": {
+    "deployAndUseCustomAIBRoleDefinition": {
       "type": "bool",
       "defaultValue": true,
       "metadata": {
@@ -555,12 +555,12 @@
       "location": "[parameters('location')]"
     },
     "aibRoleDefinition": {
-      "condition": "[parameters('deployAndUseCustomRoleDefinition')]",
+      "condition": "[parameters('deployAndUseCustomAIBRoleDefinition')]",
       "type": "Microsoft.Authorization/roleDefinitions",
       "apiVersion": "2022-04-01",
-      "name": "[guid(subscription().id, parameters('aibRoleDefinitionName'))]",
+      "name": "[guid(subscription().id, parameters('customAIBRoleDefinitionName'))]",
       "properties": {
-        "roleName": "[parameters('aibRoleDefinitionName')]",
+        "roleName": "[parameters('customAIBRoleDefinitionName')]",
         "description": "Image Builder access to create & access resources for the image build.",
         "type": "customRole",
         "permissions": [
@@ -585,7 +585,7 @@
       }
     },
     "contributorRole": {
-      "condition": "[not(parameters('deployAndUseCustomRoleDefinition'))]",
+      "condition": "[not(parameters('deployAndUseCustomAIBRoleDefinition'))]",
       "existing": true,
       "type": "Microsoft.Authorization/roleDefinitions",
       "apiVersion": "2022-04-01",
@@ -1560,7 +1560,7 @@
         "mode": "Incremental",
         "parameters": {
           "msiResourceId": "[if(or(equals(parameters('deploymentsToPerform'), 'All'), equals(parameters('deploymentsToPerform'), 'Only base')), createObject('value', reference('imageMSI').outputs.resourceId.value), createObject('value', ''))]",
-          "roleDefinitionId": "[if(parameters('deployAndUseCustomRoleDefinition'), createObject('value', subscriptionResourceId('Microsoft.Authorization/roleDefinitions', guid(subscription().id, parameters('aibRoleDefinitionName')))), createObject('value', tenantResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')))]"
+          "roleDefinitionId": "[if(parameters('deployAndUseCustomAIBRoleDefinition'), createObject('value', subscriptionResourceId('Microsoft.Authorization/roleDefinitions', guid(subscription().id, parameters('customAIBRoleDefinitionName')))), createObject('value', tenantResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')))]"
         },
         "template": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
@@ -1619,7 +1619,7 @@
         "mode": "Incremental",
         "parameters": {
           "msiResourceId": "[if(or(equals(parameters('deploymentsToPerform'), 'All'), equals(parameters('deploymentsToPerform'), 'Only base')), createObject('value', reference('imageMSI').outputs.resourceId.value), createObject('value', ''))]",
-          "roleDefinitionId": "[if(parameters('deployAndUseCustomRoleDefinition'), createObject('value', subscriptionResourceId('Microsoft.Authorization/roleDefinitions', guid(subscription().id, parameters('aibRoleDefinitionName')))), createObject('value', tenantResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')))]"
+          "roleDefinitionId": "[if(parameters('deployAndUseCustomAIBRoleDefinition'), createObject('value', subscriptionResourceId('Microsoft.Authorization/roleDefinitions', guid(subscription().id, parameters('customAIBRoleDefinitionName')))), createObject('value', tenantResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')))]"
         },
         "template": {
           "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",

diff --git a/avm/ptn/virtual-machine-images/azure-image-builder/tests/e2e/deployAll.linux/main.test.bicep b/avm/ptn/virtual-machine-images/azure-image-builder/tests/e2e/deployAll.linux/main.test.bicep
@@ -37,6 +37,7 @@ module testDeployment '../../../main.bicep' = [
       deploymentsToPerform: iteration == 'init' ? 'All' : 'Only base' // Restricting to only infra on re-run as we don't want to back 2 images but only test idempotency
       resourceGroupName: resourceGroupName
       location: resourceLocation
+      customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (${serviceShort} - ${namePrefix})'
       assetsStorageAccountName: assetsStorageAccountName
       assetsStorageAccountContainerName: assetsStorageAccountContainerName
       computeGalleryName: 'gal${namePrefix}${serviceShort}'

diff --git a/...tn/virtual-machine-images/azure-image-builder/tests/e2e/deployAll.windows/main.test.bicep b/...tn/virtual-machine-images/azure-image-builder/tests/e2e/deployAll.windows/main.test.bicep
@@ -38,6 +38,7 @@ module testDeployment '../../../main.bicep' = [
       resourceGroupName: resourceGroupName
       imageTemplateResourceGroupName: '' // Setting to empty as a custom staging resource group currently fails the creation of a windows image for an unknown reason
       location: resourceLocation
+      customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (${serviceShort} - ${namePrefix})'
       assetsStorageAccountName: assetsStorageAccountName
       assetsStorageAccountContainerName: assetsStorageAccountContainerName
       computeGalleryName: 'gal${namePrefix}${serviceShort}'

diff --git a/...ual-machine-images/azure-image-builder/tests/e2e/deployOnlyAssetsAndImage/main.test.bicep b/...ual-machine-images/azure-image-builder/tests/e2e/deployOnlyAssetsAndImage/main.test.bicep
@@ -54,6 +54,7 @@ module testDeployment '../../../main.bicep' = {
     deploymentsToPerform: 'Only assets & image'
     resourceGroupName: nestedDependencies.outputs.resourceGroupName
     location: resourceLocation
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (${serviceShort} - ${namePrefix})'
     computeGalleryName: nestedDependencies.outputs.computeGalleryName
     computeGalleryImageDefinitionName: nestedDependencies.outputs.computeGalleryImageDefinitions[0].name
     computeGalleryImageDefinitions: nestedDependencies.outputs.computeGalleryImageDefinitions

diff --git a/avm/ptn/virtual-machine-images/azure-image-builder/tests/e2e/deployOnlyBase/main.test.bicep b/avm/ptn/virtual-machine-images/azure-image-builder/tests/e2e/deployOnlyBase/main.test.bicep
@@ -33,6 +33,7 @@ module testDeployment '../../../main.bicep' = [
       deploymentsToPerform: 'Only base'
       resourceGroupName: resourceGroupName
       location: resourceLocation
+      customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (${serviceShort} - ${namePrefix})'
       assetsStorageAccountName: 'st${namePrefix}${serviceShort}'
       imageManagedIdentityName: 'msi-it-${namePrefix}-${serviceShort}'
       computeGalleryName: 'gal${namePrefix}${serviceShort}'

diff --git a/avm/ptn/virtual-machine-images/azure-image-builder/tests/e2e/deployOnlyImage/main.test.bicep b/avm/ptn/virtual-machine-images/azure-image-builder/tests/e2e/deployOnlyImage/main.test.bicep
@@ -59,6 +59,7 @@ module testDeployment '../../../main.bicep' = {
     deploymentsToPerform: 'Only image'
     resourceGroupName: nestedDependencies.outputs.resourceGroupName
     location: resourceLocation
+    customAIBRoleDefinitionName: 'Custom Azure Image Builder Image Definition (${serviceShort} - ${namePrefix})'
     computeGalleryName: nestedDependencies.outputs.computeGalleryName
     computeGalleryImageDefinitions: nestedDependencies.outputs.computeGalleryImageDefinitions
     computeGalleryImageDefinitionName: nestedDependencies.outputs.computeGalleryImageDefinitions[0].name