From fb77b430b65c1c4fa0e4afb08272541913a4da47 Mon Sep 17 00:00:00 2001 
From: Alexander Sehr Date: Thu, 12 Dec 2024 17:24:52 +0100 Subject: [PATCH] feat: StorageAccount - Added allowed tier value, updated local user authorized key interface, added udts (#3645) ## Description - Added tier 'Cold' - Updated local user authorized key handling (secureList) - Added udts for local user & sub-objects Depends on https://github.com/microsoft/PSRule/issues/2591 & Release https://github.com/Azure/PSRule.Rules.Azure/milestone/127 Closes #3640 Closes #3629 ## Pipeline Reference | Pipeline | | -------- | | [![avm.res.storage.storage-account](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml/badge.svg?branch=users%2Falsehr%2FsaUpdates20241026)](https://github.com/Azure/bicep-registry-modules/actions/workflows/avm.res.storage.storage-account.yml) | ## Type of Change - [ ] Update to CI Environment or utilities (Non-module affecting changes) - [ ] Azure Verified Module updates: - [ ] Bugfix containing backwards-compatible bug fixes, and I have NOT bumped the MAJOR or MINOR version in `version.json`: - [ ] Someone has opened a bug report issue, and I have included "Closes #{bug_report_issue_number}" in the PR description. - [ ] The bug was found by the module author, and no one has opened an issue to report it yet. - [x] Feature update backwards compatible feature updates, and I have bumped the MINOR version in `version.json`. - [ ] Breaking changes and I have bumped the MAJOR version in `version.json`. 
- [ ] Update to documentation --- avm/res/storage/storage-account/README.md | 137 ++- .../container/immutability-policy/main.json | 4 +- .../blob-service/container/main.json | 21 +- .../storage-account/blob-service/main.json | 28 +- .../storage-account/file-service/main.json | 27 +- .../file-service/share/main.json | 18 +- .../storage-account/local-user/README.md | 59 +- .../storage-account/local-user/main.bicep | 33 +- .../storage-account/local-user/main.json | 83 +- avm/res/storage/storage-account/main.bicep | 70 +- avm/res/storage/storage-account/main.json | 917 +++++++++++------- .../management-policy/main.json | 4 +- .../storage-account/queue-service/main.json | 28 +- .../queue-service/queue/main.json | 14 +- .../storage-account/table-service/main.json | 28 +- .../table-service/table/main.json | 14 +- .../tests/e2e/max/main.test.bicep | 1 - .../tests/e2e/waf-aligned/main.test.bicep | 1 - 18 files changed, 931 insertions(+), 556 deletions(-) diff --git a/avm/res/storage/storage-account/README.md b/avm/res/storage/storage-account/README.md index bf133494b5..a89d996c3d 100644 --- a/avm/res/storage/storage-account/README.md +++ b/avm/res/storage/storage-account/README.md @@ -603,7 +603,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { service: 'blob' } ] - storageAccountName: 'ssamax001' } ] location: '' @@ -1059,8 +1058,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { "resourceName": "avdscripts", "service": "blob" } - ], - "storageAccountName": "ssamax001" + ] } ] }, @@ -1523,7 +1521,6 @@ param localUsers = [ service: 'blob' } ] - storageAccountName: 'ssamax001' } ] param location = '' @@ -2431,7 +2428,6 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { service: 'blob' } ] - storageAccountName: 'ssawaf001' } ] location: '' 
@@ -2705,8 +2701,7 @@ module storageAccount 'br/public:avm/res/storage/storage-account:' = { "resourceName": "avdscripts", "service": "blob" } - ], - "storageAccountName": "ssawaf001" + ] } ] }, @@ -2983,7 +2978,6 @@ param localUsers = [ service: 'blob' } ] - storageAccountName: 'ssawaf001' } ] param location = '' @@ -3202,6 +3196,7 @@ Required if the Storage Account kind is set to BlobStorage. The access tier is u - Allowed: ```Bicep [ + 'Cold' 'Cool' 'Hot' 'Premium' 
@@ -3608,7 +3603,127 @@ Local users to deploy for SFTP authentication. - Required: No - Type: array -- Default: `[]` + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hasSshKey`](#parameter-localusershassshkey) | bool | Indicates whether SSH key exists. Set it to false to remove existing SSH key. | +| [`hasSshPassword`](#parameter-localusershassshpassword) | bool | Indicates whether SSH password exists. Set it to false to remove existing SSH password. | +| [`name`](#parameter-localusersname) | string | The name of the local user used for SFTP Authentication. | +| [`permissionScopes`](#parameter-localuserspermissionscopes) | array | The permission scopes of the local user. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`hasSharedKey`](#parameter-localusershassharedkey) | bool | Indicates whether shared key exists. Set it to false to remove existing shared key. | +| [`homeDirectory`](#parameter-localusershomedirectory) | string | The local user home directory. | +| [`sshAuthorizedKeys`](#parameter-localuserssshauthorizedkeys) | array | The local user SSH authorized keys for SFTP. | + +### Parameter: `localUsers.hasSshKey` + +Indicates whether SSH key exists. Set it to false to remove existing SSH key. + +- Required: Yes +- Type: bool + +### Parameter: `localUsers.hasSshPassword` + +Indicates whether SSH password exists. Set it to false to remove existing SSH password. + +- Required: Yes +- Type: bool + +### Parameter: `localUsers.name` + +The name of the local user used for SFTP Authentication. + +- Required: Yes +- Type: string + +### Parameter: `localUsers.permissionScopes` + +The permission scopes of the local user. + +- Required: Yes +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`permissions`](#parameter-localuserspermissionscopespermissions) | string | The permissions for the local user. 
Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). | +| [`resourceName`](#parameter-localuserspermissionscopesresourcename) | string | The name of resource, normally the container name or the file share name, used by the local user. | +| [`service`](#parameter-localuserspermissionscopesservice) | string | The service used by the local user, e.g. blob, file. | + +### Parameter: `localUsers.permissionScopes.permissions` + +The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). + +- Required: Yes +- Type: string + +### Parameter: `localUsers.permissionScopes.resourceName` + +The name of resource, normally the container name or the file share name, used by the local user. + +- Required: Yes +- Type: string + +### Parameter: `localUsers.permissionScopes.service` + +The service used by the local user, e.g. blob, file. + +- Required: Yes +- Type: string + +### Parameter: `localUsers.hasSharedKey` + +Indicates whether shared key exists. Set it to false to remove existing shared key. + +- Required: No +- Type: bool + +### Parameter: `localUsers.homeDirectory` + +The local user home directory. + +- Required: No +- Type: string + +### Parameter: `localUsers.sshAuthorizedKeys` + +The local user SSH authorized keys for SFTP. + +- Required: No +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`key`](#parameter-localuserssshauthorizedkeyskey) | securestring | SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-localuserssshauthorizedkeysdescription) | string | Description used to store the function/usage of the key. | + +### Parameter: `localUsers.sshAuthorizedKeys.key` + +SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. 
ssh-rsa AAAABBBB. + +- Required: Yes +- Type: securestring + +### Parameter: `localUsers.sshAuthorizedKeys.description` + +Description used to store the function/usage of the key. + +- Required: No +- Type: string ### Parameter: `location` @@ -4109,7 +4224,7 @@ Array of role assignments to create. - `'Owner'` - `'Private DNS Zone Contributor'` - `'Reader'` - - `'Role Based Access Control Administrator (Preview)'` + - `'Role Based Access Control Administrator'` **Required parameters** @@ -4491,7 +4606,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.7.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.9.0` | Remote reference | | `br/public:avm/utl/types/avm-common-types:0.2.1` | Remote reference | | `br/public:avm/utl/types/avm-common-types:0.4.0` | Remote reference | diff --git a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json index f5566a6be2..d2094a57af 100644 --- a/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json +++ b/avm/res/storage/storage-account/blob-service/container/immutability-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "377117240673904242" + "version": "0.32.4.45862", + "templateHash": "13544771409253577128" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", diff --git a/avm/res/storage/storage-account/blob-service/container/main.json b/avm/res/storage/storage-account/blob-service/container/main.json index 49933a8a5e..760fba6594 100644 --- a/avm/res/storage/storage-account/blob-service/container/main.json 
+++ b/avm/res/storage/storage-account/blob-service/container/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13866122608356514480" + "version": "0.32.4.45862", + "templateHash": "8294501714202659478" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -218,10 +218,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/blobServices", "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]" }, "storageAccount": { "existing": true, @@ -241,10 +238,7 @@ "immutableStorageWithVersioning": "[if(equals(parameters('immutableStorageWithVersioningEnabled'), true()), createObject('enabled', parameters('immutableStorageWithVersioningEnabled')), null())]", "metadata": "[parameters('metadata')]", "publicAccess": "[parameters('publicAccess')]" - }, - "dependsOn": [ - "storageAccount::blobServices" - ] + } }, "container_roleAssignments": { "copy": { @@ -301,8 +295,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "377117240673904242" + "version": "0.32.4.45862", + "templateHash": "13544771409253577128" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -382,8 +376,7 @@ } }, "dependsOn": [ - "container", - "storageAccount" + "container" ] } }, diff --git a/avm/res/storage/storage-account/blob-service/main.json b/avm/res/storage/storage-account/blob-service/main.json index 36977044b5..71c57a51a4 100644 --- a/avm/res/storage/storage-account/blob-service/main.json +++ b/avm/res/storage/storage-account/blob-service/main.json 
@@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13498928590492156888" + "version": "0.32.4.45862", + "templateHash": "17622492193190468017" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -412,8 +412,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13866122608356514480" + "version": "0.32.4.45862", + "templateHash": "8294501714202659478" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", @@ -625,10 +625,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/blobServices", "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]" }, "storageAccount": { "existing": true, @@ -648,10 +645,7 @@ "immutableStorageWithVersioning": "[if(equals(parameters('immutableStorageWithVersioningEnabled'), true()), createObject('enabled', parameters('immutableStorageWithVersioningEnabled')), null())]", "metadata": "[parameters('metadata')]", "publicAccess": "[parameters('publicAccess')]" - }, - "dependsOn": [ - "storageAccount::blobServices" - ] + } }, "container_roleAssignments": { "copy": { @@ -708,8 +702,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "377117240673904242" + "version": "0.32.4.45862", + "templateHash": "13544771409253577128" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -789,8 +783,7 @@ } }, "dependsOn": [ - "container", - "storageAccount" + "container" ] } }, 
@@ -820,8 +813,7 @@ } }, "dependsOn": [ - "blobServices", - "storageAccount" + "blobServices" ] } }, diff --git a/avm/res/storage/storage-account/file-service/main.json b/avm/res/storage/storage-account/file-service/main.json index 52ae62a8dd..a4a90b88b7 100644 --- a/avm/res/storage/storage-account/file-service/main.json +++ b/avm/res/storage/storage-account/file-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "652717210213575792" + "version": "0.32.4.45862", + "templateHash": "16770140342047484752" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -200,10 +200,7 @@ "properties": { "protocolSettings": "[parameters('protocolSettings')]", "shareDeleteRetentionPolicy": "[parameters('shareDeleteRetentionPolicy')]" - }, - "dependsOn": [ - "storageAccount" - ] + } }, "fileServices_diagnosticSettings": { "copy": { @@ -292,8 +289,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "647440482037193710" + "version": "0.32.4.45862", + "templateHash": "14754019327939013287" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -456,10 +453,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" }, "storageAccount": { "existing": true, 
@@ -476,10 +470,7 @@ "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", "enabledProtocols": "[parameters('enabledProtocols')]" - }, - "dependsOn": [ - "storageAccount::fileService" - ] + } }, "fileShare_roleAssignments": { "condition": "[not(empty(parameters('roleAssignments')))]", @@ -505,8 +496,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "9505259635631318962" + "version": "0.32.4.45862", + "templateHash": "15649989472241817249" } }, "parameters": { diff --git a/avm/res/storage/storage-account/file-service/share/main.json b/avm/res/storage/storage-account/file-service/share/main.json index 3c19d320cb..1d6c04141d 100644 --- a/avm/res/storage/storage-account/file-service/share/main.json +++ b/avm/res/storage/storage-account/file-service/share/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "647440482037193710" + "version": "0.32.4.45862", + "templateHash": "14754019327939013287" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -169,10 +169,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" }, "storageAccount": { "existing": true, 
@@ -189,10 +186,7 @@ "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", "enabledProtocols": "[parameters('enabledProtocols')]" - }, - "dependsOn": [ - "storageAccount::fileService" - ] + } }, "fileShare_roleAssignments": { "condition": "[not(empty(parameters('roleAssignments')))]", @@ -218,8 +212,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "9505259635631318962" + "version": "0.32.4.45862", + "templateHash": "15649989472241817249" } }, "parameters": { diff --git a/avm/res/storage/storage-account/local-user/README.md b/avm/res/storage/storage-account/local-user/README.md index b311040c23..31246477de 100644 --- a/avm/res/storage/storage-account/local-user/README.md +++ b/avm/res/storage/storage-account/local-user/README.md @@ -37,7 +37,7 @@ This module deploys a Storage Account Local User, which is used for SFTP authent | :-- | :-- | :-- | | [`hasSharedKey`](#parameter-hassharedkey) | bool | Indicates whether shared key exists. Set it to false to remove existing shared key. | | [`homeDirectory`](#parameter-homedirectory) | string | The local user home directory. | -| [`sshAuthorizedKeys`](#parameter-sshauthorizedkeys) | secureObject | The local user SSH authorized keys for SFTP. | +| [`sshAuthorizedKeys`](#parameter-sshauthorizedkeys) | array | The local user SSH authorized keys for SFTP. | ### Parameter: `hasSshKey` 
@@ -67,6 +67,35 @@ The permission scopes of the local user. - Required: Yes - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`permissions`](#parameter-permissionscopespermissions) | string | The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). | +| [`resourceName`](#parameter-permissionscopesresourcename) | string | The name of resource, normally the container name or the file share name, used by the local user. | +| [`service`](#parameter-permissionscopesservice) | string | The service used by the local user, e.g. blob, file. | + +### Parameter: `permissionScopes.permissions` + +The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c). + +- Required: Yes +- Type: string + +### Parameter: `permissionScopes.resourceName` + +The name of resource, normally the container name or the file share name, used by the local user. + +- Required: Yes +- Type: string + +### Parameter: `permissionScopes.service` + +The service used by the local user, e.g. blob, file. + +- Required: Yes +- Type: string + ### Parameter: `storageAccountName` The name of the parent Storage Account. Required if the template is used in a standalone deployment. 
@@ -95,7 +124,33 @@ The local user home directory. The local user SSH authorized keys for SFTP. - Required: No -- Type: secureObject +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`key`](#parameter-sshauthorizedkeyskey) | securestring | SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`description`](#parameter-sshauthorizedkeysdescription) | string | Description used to store the function/usage of the key. | + +### Parameter: `sshAuthorizedKeys.key` + +SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB. + +- Required: Yes +- Type: securestring + +### Parameter: `sshAuthorizedKeys.description` + +Description used to store the function/usage of the key. + +- Required: No +- Type: string ## Outputs diff --git a/avm/res/storage/storage-account/local-user/main.bicep b/avm/res/storage/storage-account/local-user/main.bicep index 95dab99998..6fc7809cb4 100644 --- a/avm/res/storage/storage-account/local-user/main.bicep +++ b/avm/res/storage/storage-account/local-user/main.bicep @@ -22,10 +22,10 @@ param hasSshPassword bool param homeDirectory string = '' @description('Required. The permission scopes of the local user.') -param permissionScopes array +param permissionScopes permissionScopeType[] @description('Optional. The local user SSH authorized keys for SFTP.') -param sshAuthorizedKeys sshAuthorizedKeysType? +param sshAuthorizedKeys sshAuthorizedKeyType[]? resource storageAccount 'Microsoft.Storage/storageAccounts@2023-04-01' existing = { name: storageAccountName 
@@ -40,7 +40,7 @@ resource localUsers 'Microsoft.Storage/storageAccounts/localUsers@2023-04-01' = hasSshPassword: hasSshPassword homeDirectory: homeDirectory permissionScopes: permissionScopes - sshAuthorizedKeys: sshAuthorizedKeys.?secureList + sshAuthorizedKeys: sshAuthorizedKeys } } @@ -56,15 +56,24 @@ output resourceId string = localUsers.id // =============== // // Definitions // // =============== // +@export() +type sshAuthorizedKeyType = { + @description('Optional. Description used to store the function/usage of the key.') + description: string? + + @secure() + @description('Required. SSH public key base64 encoded. The format should be: \'{keyType} {keyData}\', e.g. ssh-rsa AAAABBBB.') + key: string +} + +@export() +type permissionScopeType = { + @description('Required. The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c).') + permissions: string -@secure() -type sshAuthorizedKeysType = { - @description('Optional. The list of SSH authorized keys.') - secureList: { - @description('Optional. Description used to store the function/usage of the key.') - description: string? + @description('Required. The name of resource, normally the container name or the file share name, used by the local user.') + resourceName: string - @description('Required. SSH public key base64 encoded. The format should be: \'{keyType} {keyData}\', e.g. ssh-rsa AAAABBBB.') - key: string - }[] + @description('Required. The service used by the local user, e.g. blob, file.') + service: string } diff --git a/avm/res/storage/storage-account/local-user/main.json b/avm/res/storage/storage-account/local-user/main.json index 7c9a47658a..8f331208d0 100644 --- a/avm/res/storage/storage-account/local-user/main.json +++ b/avm/res/storage/storage-account/local-user/main.json 
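Review bot: In the `@@ -56,15 +56,24 @@` hunk, `@secure()` now sits only on `key` inside `sshAuthorizedKeyType`, whereas the removed `sshAuthorizedKeysType` was secure as a whole. The `description` values and the array itself therefore become ordinary parameter data and may show up in deployment history. If that is intended (the key is a public key and the description is free text), a comment above the type would stop a later edit from re-wrapping it, e.g. `// Only 'key' is marked secure; descriptions are passed as plain parameter values.` The generated `local-user/main.json` shows `"type": "securestring"` on `key`, but nothing in this patch shows how a secure string nested in an array item is redacted at deployment time, so that is worth confirming with a test deployment. The `@@ -40,7 +40,7 @@` hunk on the same line passes the array straight to the resource, so this type is the only place the marking is applied.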
@@ -5,41 +5,59 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13871524692494146314" + "version": "0.32.4.45862", + "templateHash": "10324618530995904011" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", "owner": "Azure/module-maintainers" }, "definitions": { - "sshAuthorizedKeysType": { - "type": "secureObject", + "sshAuthorizedKeyType": { + "type": "object", "properties": { - "secureList": { - "type": "array", - "items": { - "type": "object", - "properties": { - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Description used to store the function/usage of the key." - } - }, - "key": { - "type": "string", - "metadata": { - "description": "Required. SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB." - } - } - } - }, + "description": { + "type": "string", + "nullable": true, "metadata": { - "description": "Optional. The list of SSH authorized keys." + "description": "Optional. Description used to store the function/usage of the key." + } + }, + "key": { + "type": "securestring", + "metadata": { + "description": "Required. SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB." } } + }, + "metadata": { + "__bicep_export!": true + } + }, + "permissionScopeType": { + "type": "object", + "properties": { + "permissions": { + "type": "string", + "metadata": { + "description": "Required. The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c)." + } + }, + "resourceName": { + "type": "string", + "metadata": { + "description": "Required. The name of resource, normally the container name or the file share name, used by the local user." + } + }, + "service": { + "type": "string", + "metadata": { + "description": "Required. 
The service used by the local user, e.g. blob, file." + } + } + }, + "metadata": { + "__bicep_export!": true } } }, @@ -85,12 +103,18 @@ }, "permissionScopes": { "type": "array", + "items": { + "$ref": "#/definitions/permissionScopeType" + }, "metadata": { "description": "Required. The permission scopes of the local user." } }, "sshAuthorizedKeys": { - "$ref": "#/definitions/sshAuthorizedKeysType", + "type": "array", + "items": { + "$ref": "#/definitions/sshAuthorizedKeyType" + }, "nullable": true, "metadata": { "description": "Optional. The local user SSH authorized keys for SFTP." @@ -114,11 +138,8 @@ "hasSshPassword": "[parameters('hasSshPassword')]", "homeDirectory": "[parameters('homeDirectory')]", "permissionScopes": "[parameters('permissionScopes')]", - "sshAuthorizedKeys": "[tryGet(parameters('sshAuthorizedKeys'), 'secureList')]" - }, - "dependsOn": [ - "storageAccount" - ] + "sshAuthorizedKeys": "[parameters('sshAuthorizedKeys')]" + } } }, "outputs": { diff --git a/avm/res/storage/storage-account/main.bicep b/avm/res/storage/storage-account/main.bicep index 9606338046..8451427c1b 100644 --- a/avm/res/storage/storage-account/main.bicep +++ b/avm/res/storage/storage-account/main.bicep @@ -44,6 +44,7 @@ param skuName string = 'Standard_GRS' 'Premium' 'Hot' 'Cool' + 'Cold' ]) @description('Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The "Premium" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type.') param accessTier string = 'Hot' @@ -130,7 +131,7 @@ param enableHierarchicalNamespace bool = false param enableSftp bool = false @description('Optional. Local users to deploy for SFTP authentication.') -param localUsers array = [] +param localUsers localUserType[]? @description('Optional. Enables local users feature, if set to true.') param isLocalUserEnabled bool = false 
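Review bot: Typing `localUsers` as `localUserType[]?` in the `@@ -130,7 +131,7 @@` hunk changes what callers must pass, not only the default. Each user's `sshAuthorizedKeys` is now an array of `{ description?, key }` (see `localUserType` at the end of this file), where the local-user module previously took an object with a `secureList` property. A caller still sending `sshAuthorizedKeys: { secureList: [...] }` no longer matches the type, while the PR description marks this as a backwards-compatible MINOR update. I would state the migration on the parameter itself, e.g. `@description('Optional. Local users to deploy for SFTP authentication. Note: sshAuthorizedKeys is an array of keys; the former { secureList: [...] } wrapper is no longer accepted.')`. The README examples in this patch also drop `storageAccountName` from each user, which suggests that property is no longer expected either.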
@@ -499,7 +500,7 @@ resource storageAccount_roleAssignments 'Microsoft.Authorization/roleAssignments } ] -module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [ +module storageAccount_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.9.0' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-storageAccount-PrivateEndpoint-${index}' scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') @@ -565,7 +566,7 @@ module storageAccount_managementPolicies 'management-policy/main.bicep' = if (!e // SFTP user settings module storageAccount_localUsers 'local-user/main.bicep' = [ - for (localUser, index) in localUsers: { + for (localUser, index) in (localUsers ?? []): { name: '${uniqueString(deployment().name, location)}-Storage-LocalUsers-${index}' params: { storageAccountName: storageAccount.name 
@@ -707,13 +708,13 @@ output location string = storageAccount.location output serviceEndpoints object = storageAccount.properties.primaryEndpoints @description('The private endpoints of the Storage Account.') -output privateEndpoints array = [ - for (pe, i) in (!empty(privateEndpoints) ? array(privateEndpoints) : []): { - name: storageAccount_privateEndpoints[i].outputs.name - resourceId: storageAccount_privateEndpoints[i].outputs.resourceId - groupId: storageAccount_privateEndpoints[i].outputs.groupId - customDnsConfig: storageAccount_privateEndpoints[i].outputs.customDnsConfig - networkInterfaceIds: storageAccount_privateEndpoints[i].outputs.networkInterfaceIds +output privateEndpoints privateEndpointOutputType[] = [ + for (item, index) in (privateEndpoints ?? []): { + name: storageAccount_privateEndpoints[index].outputs.name + resourceId: storageAccount_privateEndpoints[index].outputs.resourceId + groupId: storageAccount_privateEndpoints[index].outputs.groupId + customDnsConfigs: storageAccount_privateEndpoints[index].outputs.customDnsConfig + networkInterfaceResourceIds: storageAccount_privateEndpoints[index].outputs.networkInterfaceResourceIds } ] 
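Review bot: The `privateEndpoints` output renames two properties, `customDnsConfig` to `customDnsConfigs` and `networkInterfaceIds` to `networkInterfaceResourceIds`. Any template or script that reads the old names from this module's outputs, such as DNS record or network rule automation, will fail or read an absent property after upgrading. If the rename follows from the private-endpoint 0.9.0 bump in the `@@ -499,7 +500,7 @@` hunk, say so on the output, e.g. `@description('The private endpoints of the Storage Account. Renamed properties: customDnsConfigs, networkInterfaceResourceIds.')`. Note that `customDnsConfigs` is still filled from `outputs.customDnsConfig` while the interface IDs come from `outputs.networkInterfaceResourceIds`. That mix is right only if the 0.9.0 module exposes exactly those output names, which is not visible in this patch.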
@@ -727,6 +728,30 @@ output exportedSecrets secretsOutputType = (secretsExportConfiguration != null) // Definitions // // =============== // +@export() +type privateEndpointOutputType = { + @description('The name of the private endpoint.') + name: string + + @description('The resource ID of the private endpoint.') + resourceId: string + + @description('The group Id for the private endpoint Group.') + groupId: string? + + @description('The custom DNS configurations of the private endpoint.') + customDnsConfigs: { + @description('FQDN that resolves to private endpoint IP address.') + fqdn: string? + + @description('A list of private IP addresses of the private endpoint.') + ipAddresses: string[] + }[] + + @description('The IDs of the network interfaces associated with the private endpoint.') + networkInterfaceResourceIds: string[] +} + @export() type networkAclsType = { @description('Optional. Sets the resource access rules. Array entries must consist of "tenantId" and "resourceId" fields only.') 
@@ -776,3 +801,28 @@ type secretsExportConfigurationType = { @description('Optional. The connectionString2 secret name to create.') connectionString2: string? } + +import { sshAuthorizedKeyType, permissionScopeType } from 'local-user/main.bicep' +@export() +type localUserType = { + @description('Required. The name of the local user used for SFTP Authentication.') + name: string + + @description('Optional. Indicates whether shared key exists. Set it to false to remove existing shared key.') + hasSharedKey: bool? + + @description('Required. Indicates whether SSH key exists. Set it to false to remove existing SSH key.') + hasSshKey: bool + + @description('Required. Indicates whether SSH password exists. Set it to false to remove existing SSH password.') + hasSshPassword: bool + + @description('Optional. The local user home directory.') + homeDirectory: string? + + @description('Required. The permission scopes of the local user.') + permissionScopes: permissionScopeType[] + + @description('Optional. The local user SSH authorized keys for SFTP.') + sshAuthorizedKeys: sshAuthorizedKeyType[]? +} diff --git a/avm/res/storage/storage-account/main.json b/avm/res/storage/storage-account/main.json index 226ead349d..c1e2b45623 100644 --- a/avm/res/storage/storage-account/main.json +++ b/avm/res/storage/storage-account/main.json 
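Review bot: The `import { sshAuthorizedKeyType, permissionScopeType } from 'local-user/main.bicep'` statement sits in the middle of the Definitions section, directly above `localUserType`. Moving it to the top of the file would make the cross-file dependency visible before the parameters that rely on it. `localUserType` also repeats the local-user module's parameter descriptions by hand, so the two can drift. A short comment above the type, such as `// Keep in sync with the parameters of local-user/main.bicep`, would flag that. `homeDirectory` is `string?` here while the module declares `param homeDirectory string = ''` (context line of the `@@ -22,10 +22,10 @@` hunk); how the value is passed on is outside these hunks, so it is worth checking that an omitted home directory does not reach the module as null.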
@@ -5,14 +5,77 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "16204410426980964213" + "version": "0.32.4.45862", + "templateHash": "7321024759975852947" }, "name": "Storage Accounts", "description": "This module deploys a Storage Account.", "owner": "Azure/module-maintainers" }, "definitions": { + "privateEndpointOutputType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "The name of the private endpoint." + } + }, + "resourceId": { + "type": "string", + "metadata": { + "description": "The resource ID of the private endpoint." + } + }, + "groupId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "The group Id for the private endpoint Group." + } + }, + "customDnsConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "FQDN that resolves to private endpoint IP address." + } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "A list of private IP addresses of the private endpoint." + } + } + } + }, + "metadata": { + "description": "The custom DNS configurations of the private endpoint." + } + }, + "networkInterfaceResourceIds": { + "type": "array", + "items": { + "type": "string" + }, + "metadata": { + "description": "The IDs of the network interfaces associated with the private endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, "networkAclsType": { "type": "object", "properties": { 
@@ -129,6 +192,65 @@ "__bicep_export!": true } }, + "localUserType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the local user used for SFTP Authentication." + } + }, + "hasSharedKey": { + "type": "bool", + "nullable": true, + "metadata": { + "description": "Optional. Indicates whether shared key exists. Set it to false to remove existing shared key." + } + }, + "hasSshKey": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether SSH key exists. Set it to false to remove existing SSH key." + } + }, + "hasSshPassword": { + "type": "bool", + "metadata": { + "description": "Required. Indicates whether SSH password exists. Set it to false to remove existing SSH password." + } + }, + "homeDirectory": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The local user home directory." + } + }, + "permissionScopes": { + "type": "array", + "items": { + "$ref": "#/definitions/permissionScopeType" + }, + "metadata": { + "description": "Required. The permission scopes of the local user." + } + }, + "sshAuthorizedKeys": { + "type": "array", + "items": { + "$ref": "#/definitions/sshAuthorizedKeyType" + }, + "nullable": true, + "metadata": { + "description": "Optional. The local user SSH authorized keys for SFTP." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, "_1.secretSetOutputType": { "type": "object", "properties": { 
@@ -491,6 +613,34 @@ } } }, + "permissionScopeType": { + "type": "object", + "properties": { + "permissions": { + "type": "string", + "metadata": { + "description": "Required. The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c)." + } + }, + "resourceName": { + "type": "string", + "metadata": { + "description": "Required. The name of resource, normally the container name or the file share name, used by the local user." + } + }, + "service": { + "type": "string", + "metadata": { + "description": "Required. The service used by the local user, e.g. blob, file." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "local-user/main.bicep" + } + } + }, "privateEndpointMultiServiceType": { "type": "object", "properties": { @@ -722,6 +872,29 @@ "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" } } + }, + "sshAuthorizedKeyType": { + "type": "object", + "properties": { + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description used to store the function/usage of the key." + } + }, + "key": { + "type": "securestring", + "metadata": { + "description": "Required. SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "local-user/main.bicep" + } + } } }, "parameters": { @@ -793,7 +966,8 @@ "allowedValues": [ "Premium", "Hot", - "Cool" + "Cool", + "Cold" ], "metadata": { "description": "Conditional. Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The \"Premium\" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type." 
@@ -957,7 +1131,10 @@ }, "localUsers": { "type": "array", - "defaultValue": [], + "items": { + "$ref": "#/definitions/localUserType" + }, + "nullable": true, "metadata": { "description": "Optional. Local users to deploy for SFTP authentication." } @@ -1118,10 +1295,7 @@ "apiVersion": "2023-02-01", "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]", "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]", - "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]", - "dependsOn": [ - "cMKKeyVault" - ] + "name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]" }, "avmTelemetry": { "condition": "[parameters('enableTelemetry')]", @@ -1198,8 +1372,8 @@ "azureFilesIdentityBasedAuthentication": "[if(not(empty(parameters('azureFilesIdentityBasedAuthentication'))), parameters('azureFilesIdentityBasedAuthentication'), null())]" }, "dependsOn": [ - "cMKKeyVault", - "cMKUserAssignedIdentity" + "cMKKeyVault::cMKKey", + "cMKKeyVault" ] }, "storageAccount_diagnosticSettings": { @@ -1331,8 +1505,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "1277254088602407590" + "version": "0.30.23.60470", + "templateHash": "6724714132049298262" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", 
@@ -1358,259 +1532,192 @@ "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." } } - } - }, - "roleAssignmentType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." - } - }, - "roleDefinitionIdOrName": { - "type": "string", - "metadata": { - "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." - } - }, - "principalId": { - "type": "string", - "metadata": { - "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." - } - }, - "principalType": { - "type": "string", - "allowedValues": [ - "Device", - "ForeignGroup", - "Group", - "ServicePrincipal", - "User" - ], - "nullable": true, - "metadata": { - "description": "Optional. The principal type of the assigned principal ID." - } - }, - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The description of the role assignment." - } - }, - "condition": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." - } - }, - "conditionVersion": { - "type": "string", - "allowedValues": [ - "2.0" - ], - "nullable": true, - "metadata": { - "description": "Optional. Version of the condition." 
- } - }, - "delegatedManagedIdentityResourceId": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The Resource Id of the delegated managed identity resource." - } - } - } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, - "lockType": { + "ipConfigurationType": { "type": "object", "properties": { "name": { "type": "string", - "nullable": true, "metadata": { - "description": "Optional. Specify the name of lock." + "description": "Required. The name of the resource that is unique within a resource group." } }, - "kind": { - "type": "string", - "allowedValues": [ - "CanNotDelete", - "None", - "ReadOnly" - ], - "nullable": true, - "metadata": { - "description": "Optional. Specify the type of lock." - } - } - }, - "nullable": true - }, - "ipConfigurationsType": { - "type": "array", - "items": { - "type": "object", "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the resource that is unique within a resource group." - } - }, + "type": "object", "properties": { - "type": "object", - "properties": { - "groupId": { - "type": "string", - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "memberName": { - "type": "string", - "metadata": { - "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." - } - }, - "privateIPAddress": { - "type": "string", - "metadata": { - "description": "Required. A private IP address obtained from the private endpoint's subnet." - } + "groupId": { + "type": "string", + "metadata": { + "description": "Required. 
The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." } }, - "metadata": { - "description": "Required. Properties of private endpoint IP configurations." + "memberName": { + "type": "string", + "metadata": { + "description": "Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string." + } + }, + "privateIPAddress": { + "type": "string", + "metadata": { + "description": "Required. A private IP address obtained from the private endpoint's subnet." + } } + }, + "metadata": { + "description": "Required. Properties of private endpoint IP configurations." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, - "manualPrivateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", + "manualPrivateLinkServiceConnectionType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, + "type": "object", "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." 
- } + "groupIds": { + "type": "array", + "items": { + "type": "string" }, - "requestMessage": { - "type": "string", - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." } }, - "metadata": { - "description": "Required. Properties of private link service connection." + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } } + }, + "metadata": { + "description": "Required. Properties of private link service connection." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, - "privateLinkServiceConnectionsType": { - "type": "array", - "items": { - "type": "object", + "privateLinkServiceConnectionType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "metadata": { + "description": "Required. The name of the private link service connection." + } + }, "properties": { - "name": { - "type": "string", - "metadata": { - "description": "Required. The name of the private link service connection." - } - }, + "type": "object", "properties": { - "type": "object", - "properties": { - "groupIds": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. 
If used with private link service connection, this property must be defined as empty string array `[]`." - } - }, - "privateLinkServiceId": { - "type": "string", - "metadata": { - "description": "Required. The resource id of private link service." - } + "groupIds": { + "type": "array", + "items": { + "type": "string" }, - "requestMessage": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." - } + "metadata": { + "description": "Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. If used with private link service connection, this property must be defined as empty string array `[]`." } }, - "metadata": { - "description": "Required. Properties of private link service connection." + "privateLinkServiceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of private link service." + } + }, + "requestMessage": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. A message passed to the owner of the remote resource with this connection request. Restricted to 140 chars." + } } + }, + "metadata": { + "description": "Required. Properties of private link service connection." } } }, - "nullable": true + "metadata": { + "__bicep_export!": true + } }, "customDnsConfigType": { - "type": "array", - "items": { - "type": "object", - "properties": { - "fqdn": { - "type": "string", - "metadata": { - "description": "Required. Fqdn that resolves to private endpoint IP address." - } + "type": "object", + "properties": { + "fqdn": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. FQDN that resolves to private endpoint IP address." 
+ } + }, + "ipAddresses": { + "type": "array", + "items": { + "type": "string" }, - "ipAddresses": { - "type": "array", - "items": { - "type": "string" - }, - "metadata": { - "description": "Required. A list of private IP addresses of the private endpoint." - } + "metadata": { + "description": "Required. A list of private IP addresses of the private endpoint." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "lockType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Specify the name of lock." + } + }, + "kind": { + "type": "string", + "allowedValues": [ + "CanNotDelete", + "None", + "ReadOnly" + ], + "nullable": true, + "metadata": { + "description": "Optional. Specify the type of lock." } } }, - "nullable": true + "metadata": { + "description": "An AVM-aligned type for a lock.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + } + } }, "privateDnsZoneGroupConfigType": { "type": "object", 
@@ -1634,6 +1741,81 @@ "sourceTemplate": "private-dns-zone-group/main.bicep" } } + }, + "roleAssignmentType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, + "roleDefinitionIdOrName": { + "type": "string", + "metadata": { + "description": "Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'." + } + }, + "principalId": { + "type": "string", + "metadata": { + "description": "Required. The principal ID of the principal (user/group/identity) to assign the role to." + } + }, + "principalType": { + "type": "string", + "allowedValues": [ + "Device", + "ForeignGroup", + "Group", + "ServicePrincipal", + "User" + ], + "nullable": true, + "metadata": { + "description": "Optional. The principal type of the assigned principal ID." + } + }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The description of the role assignment." + } + }, + "condition": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase \"foo_storage_container\"." + } + }, + "conditionVersion": { + "type": "string", + "allowedValues": [ + "2.0" + ], + "nullable": true, + "metadata": { + "description": "Optional. Version of the condition." + } + }, + "delegatedManagedIdentityResourceId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The Resource Id of the delegated managed identity resource." 
+ } + } + }, + "metadata": { + "description": "An AVM-aligned type for a role assignment.", + "__bicep_imported_from!": { + "sourceTemplate": "br:mcr.microsoft.com/bicep/avm/utl/types/avm-common-types:0.2.1" + } + } } }, "parameters": { @@ -1651,6 +1833,9 @@ }, "applicationSecurityGroupResourceIds": { "type": "array", + "items": { + "type": "string" + }, "nullable": true, "metadata": { "description": "Optional. Application security groups in which the private endpoint IP configuration is included." @@ -1664,7 +1849,11 @@ } }, "ipConfigurations": { - "$ref": "#/definitions/ipConfigurationsType", + "type": "array", + "items": { + "$ref": "#/definitions/ipConfigurationType" + }, + "nullable": true, "metadata": { "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } @@ -1685,12 +1874,17 @@ }, "lock": { "$ref": "#/definitions/lockType", + "nullable": true, "metadata": { "description": "Optional. The lock settings of the service." } }, "roleAssignments": { - "$ref": "#/definitions/roleAssignmentType", + "type": "array", + "items": { + "$ref": "#/definitions/roleAssignmentType" + }, + "nullable": true, "metadata": { "description": "Optional. Array of role assignments to create." } 
@@ -1703,19 +1897,31 @@ } }, "customDnsConfigs": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "items": { + "$ref": "#/definitions/customDnsConfigType" + }, + "nullable": true, "metadata": { "description": "Optional. Custom DNS configurations." } }, "manualPrivateLinkServiceConnections": { - "$ref": "#/definitions/manualPrivateLinkServiceConnectionsType", + "type": "array", + "items": { + "$ref": "#/definitions/manualPrivateLinkServiceConnectionType" + }, + "nullable": true, "metadata": { "description": "Optional. A grouping of information about the connection to the remote resource. Used when the network admin does not have access to approve connections to the remote resource." } }, "privateLinkServiceConnections": { - "$ref": "#/definitions/privateLinkServiceConnectionsType", + "type": "array", + "items": { + "$ref": "#/definitions/privateLinkServiceConnectionType" + }, + "nullable": true, "metadata": { "description": "Optional. A grouping of information about the connection to the remote resource." } @@ -1746,7 +1952,7 @@ "Owner": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')]", "Private DNS Zone Contributor": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')]", "Reader": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')]", - "Role Based Access Control Administrator (Preview)": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" + "Role Based Access Control Administrator": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'f58310d9-a9f6-439a-9e8d-f62e7b41a168')]" } }, "resources": { 
@@ -1754,7 +1960,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.7.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.9.0', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1860,8 +2066,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.29.47.4906", - "templateHash": "5805178546717255803" + "version": "0.30.23.60470", + "templateHash": "12329174801198479603" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", 
@@ -2009,25 +2215,32 @@ "value": "[reference('privateEndpoint', '2023-11-01', 'full').location]" }, "customDnsConfig": { - "$ref": "#/definitions/customDnsConfigType", + "type": "array", + "items": { + "$ref": "#/definitions/customDnsConfigType" + }, "metadata": { "description": "The custom DNS configurations of the private endpoint." }, "value": "[reference('privateEndpoint').customDnsConfigs]" }, - "networkInterfaceIds": { + "networkInterfaceResourceIds": { "type": "array", + "items": { + "type": "string" + }, "metadata": { - "description": "The IDs of the network interfaces associated with the private endpoint." + "description": "The resource IDs of the network interfaces associated with the private endpoint." }, - "value": "[reference('privateEndpoint').networkInterfaces]" + "value": "[map(reference('privateEndpoint').networkInterfaces, lambda('nic', lambdaVariables('nic').id))]" }, "groupId": { "type": "string", + "nullable": true, "metadata": { "description": "The group Id for the private endpoint Group." }, - "value": "[if(and(not(empty(reference('privateEndpoint').manualPrivateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').manualPrivateLinkServiceConnections[0].properties, 'groupIds', 0), ''), if(and(not(empty(reference('privateEndpoint').privateLinkServiceConnections)), greater(length(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds')), 0)), coalesce(tryGet(reference('privateEndpoint').privateLinkServiceConnections[0].properties, 'groupIds', 0), ''), ''))]" + "value": "[coalesce(tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'manualPrivateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0), tryGet(tryGet(tryGet(tryGet(reference('privateEndpoint'), 'privateLinkServiceConnections'), 0, 'properties'), 'groupIds'), 0))]" } } } 
@@ -2060,8 +2273,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "4758818286358106448" + "version": "0.32.4.45862", + "templateHash": "13043152240974749163" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", @@ -2127,7 +2340,7 @@ "storageAccount_localUsers": { "copy": { "name": "storageAccount_localUsers", - "count": "[length(parameters('localUsers'))]" + "count": "[length(coalesce(parameters('localUsers'), createArray()))]" }, "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", 
@@ -2142,25 +2355,25 @@ "value": "[parameters('name')]" }, "name": { - "value": "[parameters('localUsers')[copyIndex()].name]" + "value": "[coalesce(parameters('localUsers'), createArray())[copyIndex()].name]" }, "hasSshKey": { - "value": "[parameters('localUsers')[copyIndex()].hasSshKey]" + "value": "[coalesce(parameters('localUsers'), createArray())[copyIndex()].hasSshKey]" }, "hasSshPassword": { - "value": "[parameters('localUsers')[copyIndex()].hasSshPassword]" + "value": "[coalesce(parameters('localUsers'), createArray())[copyIndex()].hasSshPassword]" }, "permissionScopes": { - "value": "[parameters('localUsers')[copyIndex()].permissionScopes]" + "value": "[coalesce(parameters('localUsers'), createArray())[copyIndex()].permissionScopes]" }, "hasSharedKey": { - "value": "[tryGet(parameters('localUsers')[copyIndex()], 'hasSharedKey')]" + "value": "[tryGet(coalesce(parameters('localUsers'), createArray())[copyIndex()], 'hasSharedKey')]" }, "homeDirectory": { - "value": "[tryGet(parameters('localUsers')[copyIndex()], 'homeDirectory')]" + "value": "[tryGet(coalesce(parameters('localUsers'), createArray())[copyIndex()], 'homeDirectory')]" }, "sshAuthorizedKeys": { - "value": "[tryGet(parameters('localUsers')[copyIndex()], 'sshAuthorizedKeys')]" + "value": "[tryGet(coalesce(parameters('localUsers'), createArray())[copyIndex()], 'sshAuthorizedKeys')]" } }, "template": { 
@@ -2170,41 +2383,59 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13871524692494146314" + "version": "0.32.4.45862", + "templateHash": "10324618530995904011" }, "name": "Storage Account Local Users", "description": "This module deploys a Storage Account Local User, which is used for SFTP authentication.", "owner": "Azure/module-maintainers" }, "definitions": { - "sshAuthorizedKeysType": { - "type": "secureObject", + "sshAuthorizedKeyType": { + "type": "object", "properties": { - "secureList": { - "type": "array", - "items": { - "type": "object", - "properties": { - "description": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. Description used to store the function/usage of the key." - } - }, - "key": { - "type": "string", - "metadata": { - "description": "Required. SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB." - } - } - } - }, + "description": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Description used to store the function/usage of the key." + } + }, + "key": { + "type": "securestring", + "metadata": { + "description": "Required. SSH public key base64 encoded. The format should be: '{keyType} {keyData}', e.g. ssh-rsa AAAABBBB." + } + } + }, + "metadata": { + "__bicep_export!": true + } + }, + "permissionScopeType": { + "type": "object", + "properties": { + "permissions": { + "type": "string", + "metadata": { + "description": "Required. The permissions for the local user. Possible values include: Read (r), Write (w), Delete (d), List (l), and Create (c)." + } + }, + "resourceName": { + "type": "string", + "metadata": { + "description": "Required. The name of resource, normally the container name or the file share name, used by the local user." + } + }, + "service": { + "type": "string", "metadata": { - "description": "Optional. The list of SSH authorized keys." 
+ "description": "Required. The service used by the local user, e.g. blob, file." } } + }, + "metadata": { + "__bicep_export!": true } } }, @@ -2250,12 +2481,18 @@ }, "permissionScopes": { "type": "array", + "items": { + "$ref": "#/definitions/permissionScopeType" + }, "metadata": { "description": "Required. The permission scopes of the local user." } }, "sshAuthorizedKeys": { - "$ref": "#/definitions/sshAuthorizedKeysType", + "type": "array", + "items": { + "$ref": "#/definitions/sshAuthorizedKeyType" + }, "nullable": true, "metadata": { "description": "Optional. The local user SSH authorized keys for SFTP." @@ -2279,11 +2516,8 @@ "hasSshPassword": "[parameters('hasSshPassword')]", "homeDirectory": "[parameters('homeDirectory')]", "permissionScopes": "[parameters('permissionScopes')]", - "sshAuthorizedKeys": "[tryGet(parameters('sshAuthorizedKeys'), 'secureList')]" - }, - "dependsOn": [ - "storageAccount" - ] + "sshAuthorizedKeys": "[parameters('sshAuthorizedKeys')]" + } } }, "outputs": { @@ -2388,8 +2622,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13498928590492156888" + "version": "0.32.4.45862", + "templateHash": "17622492193190468017" }, "name": "Storage Account blob Services", "description": "This module deploys a Storage Account Blob Service.", @@ -2795,8 +3029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "13866122608356514480" + "version": "0.32.4.45862", + "templateHash": "8294501714202659478" }, "name": "Storage Account Blob Containers", "description": "This module deploys a Storage Account Blob Container.", 
@@ -3008,10 +3242,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/blobServices", "apiVersion": "2022-09-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('blobServiceName'))]" }, "storageAccount": { "existing": true, @@ -3031,10 +3262,7 @@ "immutableStorageWithVersioning": "[if(equals(parameters('immutableStorageWithVersioningEnabled'), true()), createObject('enabled', parameters('immutableStorageWithVersioningEnabled')), null())]", "metadata": "[parameters('metadata')]", "publicAccess": "[parameters('publicAccess')]" - }, - "dependsOn": [ - "storageAccount::blobServices" - ] + } }, "container_roleAssignments": { "copy": { @@ -3091,8 +3319,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "377117240673904242" + "version": "0.32.4.45862", + "templateHash": "13544771409253577128" }, "name": "Storage Account Blob Container Immutability Policies", "description": "This module deploys a Storage Account Blob Container Immutability Policy.", @@ -3172,8 +3400,7 @@ } }, "dependsOn": [ - "container", - "storageAccount" + "container" ] } }, @@ -3203,8 +3430,7 @@ } }, "dependsOn": [ - "blobServices", - "storageAccount" + "blobServices" ] } }, @@ -3271,8 +3497,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "652717210213575792" + "version": "0.32.4.45862", + "templateHash": "16770140342047484752" }, "name": "Storage Account File Share Services", "description": "This module deploys a Storage Account File Share Service.", @@ -3466,10 +3692,7 @@ "properties": { "protocolSettings": "[parameters('protocolSettings')]", "shareDeleteRetentionPolicy": "[parameters('shareDeleteRetentionPolicy')]" - }, - "dependsOn": [ - "storageAccount" - ] + } }, "fileServices_diagnosticSettings": { "copy": { 
@@ -3558,8 +3781,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "647440482037193710" + "version": "0.32.4.45862", + "templateHash": "14754019327939013287" }, "name": "Storage Account File Shares", "description": "This module deploys a Storage Account File Share.", @@ -3722,10 +3945,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/fileServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), parameters('fileServicesName'))]" }, "storageAccount": { "existing": true, @@ -3742,10 +3962,7 @@ "shareQuota": "[parameters('shareQuota')]", "rootSquash": "[if(equals(parameters('enabledProtocols'), 'NFS'), parameters('rootSquash'), null())]", "enabledProtocols": "[parameters('enabledProtocols')]" - }, - "dependsOn": [ - "storageAccount::fileService" - ] + } }, "fileShare_roleAssignments": { "condition": "[not(empty(parameters('roleAssignments')))]", @@ -3771,8 +3988,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "9505259635631318962" + "version": "0.32.4.45862", + "templateHash": "15649989472241817249" } }, "parameters": { @@ -4047,8 +4264,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "7019230822337955866" + "version": "0.32.4.45862", + "templateHash": "15558678445347429038" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -4218,10 +4435,7 @@ "type": "Microsoft.Storage/storageAccounts/queueServices", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", - "properties": {}, - "dependsOn": [ - "storageAccount" - ] + "properties": {} }, "queueServices_diagnosticSettings": { "copy": { 
@@ -4298,8 +4512,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "15204094799418239872" + "version": "0.32.4.45862", + "templateHash": "11255566639202978270" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -4443,10 +4657,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/queueServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, "storageAccount": { "existing": true, @@ -4460,10 +4671,7 @@ "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", "properties": { "metadata": "[parameters('metadata')]" - }, - "dependsOn": [ - "storageAccount::queueServices" - ] + } }, "queue_roleAssignments": { "copy": { @@ -4512,10 +4720,7 @@ } } } - }, - "dependsOn": [ - "storageAccount" - ] + } } }, "outputs": { @@ -4575,8 +4780,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "3872868238795839712" + "version": "0.32.4.45862", + "templateHash": "3329223749131374550" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", @@ -4746,10 +4951,7 @@ "type": "Microsoft.Storage/storageAccounts/tableServices", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", - "properties": {}, - "dependsOn": [ - "storageAccount" - ] + "properties": {} }, "tableServices_diagnosticSettings": { "copy": { 
@@ -4823,8 +5025,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "443267280546424371" + "version": "0.32.4.45862", + "templateHash": "10161610446497418516" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", @@ -4959,10 +5161,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/tableServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, "storageAccount": { "existing": true, @@ -4973,10 +5172,7 @@ "table": { "type": "Microsoft.Storage/storageAccounts/tableServices/tables", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", - "dependsOn": [ - "storageAccount::tableServices" - ] + "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]" }, "table_roleAssignments": { "copy": { @@ -5025,10 +5221,7 @@ } } } - }, - "dependsOn": [ - "storageAccount" - ] + } } }, "outputs": { @@ -5087,8 +5280,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "11923198665150594620" + "version": "0.32.4.45862", + "templateHash": "7228569789039191996" } }, "definitions": { @@ -5179,10 +5372,7 @@ "name": "[format('{0}/{1}', parameters('keyVaultName'), parameters('secretsToSet')[copyIndex()].name)]", "properties": { "value": "[parameters('secretsToSet')[copyIndex()].value]" - }, - "dependsOn": [ - "keyVault" - ] + } } }, "outputs": { 
@@ -5264,17 +5454,20 @@ }, "privateEndpoints": { "type": "array", + "items": { + "$ref": "#/definitions/privateEndpointOutputType" + }, "metadata": { "description": "The private endpoints of the Storage Account." }, "copy": { - "count": "[length(if(not(empty(parameters('privateEndpoints'))), array(parameters('privateEndpoints')), createArray()))]", + "count": "[length(coalesce(parameters('privateEndpoints'), createArray()))]", "input": { "name": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.name.value]", "resourceId": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.resourceId.value]", "groupId": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.groupId.value]", - "customDnsConfig": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.customDnsConfig.value]", - "networkInterfaceIds": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.networkInterfaceIds.value]" + "customDnsConfigs": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.customDnsConfig.value]", + "networkInterfaceResourceIds": "[reference(format('storageAccount_privateEndpoints[{0}]', copyIndex())).outputs.networkInterfaceResourceIds.value]" } } }, diff --git a/avm/res/storage/storage-account/management-policy/main.json b/avm/res/storage/storage-account/management-policy/main.json index 44ae8478b6..31a8fd0033 100644 --- a/avm/res/storage/storage-account/management-policy/main.json +++ b/avm/res/storage/storage-account/management-policy/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "4758818286358106448" + "version": "0.32.4.45862", + "templateHash": "13043152240974749163" }, "name": "Storage Account Management Policies", "description": "This module deploys a Storage Account Management Policy.", 
diff --git a/avm/res/storage/storage-account/queue-service/main.json b/avm/res/storage/storage-account/queue-service/main.json index ee041706b4..84f2e69daf 100644 --- a/avm/res/storage/storage-account/queue-service/main.json +++ b/avm/res/storage/storage-account/queue-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "7019230822337955866" + "version": "0.32.4.45862", + "templateHash": "15558678445347429038" }, "name": "Storage Account Queue Services", "description": "This module deploys a Storage Account Queue Service.", @@ -176,10 +176,7 @@ "type": "Microsoft.Storage/storageAccounts/queueServices", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", - "properties": {}, - "dependsOn": [ - "storageAccount" - ] + "properties": {} }, "queueServices_diagnosticSettings": { "copy": { @@ -256,8 +253,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "15204094799418239872" + "version": "0.32.4.45862", + "templateHash": "11255566639202978270" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -401,10 +398,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/queueServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, "storageAccount": { "existing": true, @@ -418,10 +412,7 @@ "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", "properties": { "metadata": "[parameters('metadata')]" - }, - "dependsOn": [ - "storageAccount::queueServices" - ] + } }, "queue_roleAssignments": { "copy": { @@ -470,10 +461,7 @@ } } } - }, - "dependsOn": [ - "storageAccount" - ] + } } }, "outputs": { 
diff --git a/avm/res/storage/storage-account/queue-service/queue/main.json b/avm/res/storage/storage-account/queue-service/queue/main.json index cea9977925..9c828e4f46 100644 --- a/avm/res/storage/storage-account/queue-service/queue/main.json +++ b/avm/res/storage/storage-account/queue-service/queue/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "15204094799418239872" + "version": "0.32.4.45862", + "templateHash": "11255566639202978270" }, "name": "Storage Account Queues", "description": "This module deploys a Storage Account Queue.", @@ -150,10 +150,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/queueServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, "storageAccount": { "existing": true, @@ -167,10 +164,7 @@ "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", "properties": { "metadata": "[parameters('metadata')]" - }, - "dependsOn": [ - "storageAccount::queueServices" - ] + } }, "queue_roleAssignments": { "copy": { diff --git a/avm/res/storage/storage-account/table-service/main.json b/avm/res/storage/storage-account/table-service/main.json index 005638be20..5acaed4231 100644 --- a/avm/res/storage/storage-account/table-service/main.json +++ b/avm/res/storage/storage-account/table-service/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "3872868238795839712" + "version": "0.32.4.45862", + "templateHash": "3329223749131374550" }, "name": "Storage Account Table Services", "description": "This module deploys a Storage Account Table Service.", 
@@ -176,10 +176,7 @@ "type": "Microsoft.Storage/storageAccounts/tableServices", "apiVersion": "2023-04-01", "name": "[format('{0}/{1}', parameters('storageAccountName'), variables('name'))]", - "properties": {}, - "dependsOn": [ - "storageAccount" - ] + "properties": {} }, "tableServices_diagnosticSettings": { "copy": { @@ -253,8 +250,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "443267280546424371" + "version": "0.32.4.45862", + "templateHash": "10161610446497418516" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", @@ -389,10 +386,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/tableServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, "storageAccount": { "existing": true, @@ -403,10 +397,7 @@ "table": { "type": "Microsoft.Storage/storageAccounts/tableServices/tables", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", - "dependsOn": [ - "storageAccount::tableServices" - ] + "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]" }, "table_roleAssignments": { "copy": { @@ -455,10 +446,7 @@ } } } - }, - "dependsOn": [ - "storageAccount" - ] + } } }, "outputs": { diff --git a/avm/res/storage/storage-account/table-service/table/main.json b/avm/res/storage/storage-account/table-service/table/main.json index c6e002440b..84d83e1d3e 100644 --- a/avm/res/storage/storage-account/table-service/table/main.json +++ b/avm/res/storage/storage-account/table-service/table/main.json 
@@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.31.92.45157", - "templateHash": "443267280546424371" + "version": "0.32.4.45862", + "templateHash": "10161610446497418516" }, "name": "Storage Account Table", "description": "This module deploys a Storage Account Table.", @@ -141,10 +141,7 @@ "existing": true, "type": "Microsoft.Storage/storageAccounts/tableServices", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]", - "dependsOn": [ - "storageAccount" - ] + "name": "[format('{0}/{1}', parameters('storageAccountName'), 'default')]" }, "storageAccount": { "existing": true, @@ -155,10 +152,7 @@ "table": { "type": "Microsoft.Storage/storageAccounts/tableServices/tables", "apiVersion": "2023-04-01", - "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]", - "dependsOn": [ - "storageAccount::tableServices" - ] + "name": "[format('{0}/{1}/{2}', parameters('storageAccountName'), 'default', parameters('name'))]" }, "table_roleAssignments": { "copy": { diff --git a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep index 8d781c4b09..c4f6afe382 100644 --- a/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/max/main.test.bicep @@ -186,7 +186,6 @@ module testDeployment '../../../main.bicep' = [ } localUsers: [ { - storageAccountName: '${namePrefix}${serviceShort}001' name: 'testuser' hasSharedKey: false hasSshKey: true diff --git a/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep b/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep index 7792611a5f..4e10b9c897 100644 --- a/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/storage/storage-account/tests/e2e/waf-aligned/main.test.bicep 
@@ -110,7 +110,6 @@ module testDeployment '../../../main.bicep' = [
 }
 localUsers: [
 {
- storageAccountName: '${namePrefix}${serviceShort}001'
 name: 'testuser'
 hasSharedKey: false
 hasSshKey: true