Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Remove Orphan file and Correct Linter issues - avm/res/sql/server #3023

Closed
wants to merge 30 commits into from
Closed

fix: Remove Orphan file and Correct Linter issues - avm/res/sql/server #3023

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
30 commits
Select commit Hold shift + click to select a range
f9af1cb
alter main.bicep; main.test.bicep; readme
Jul 11, 2024
c780326
push new json file
Jul 11, 2024
5a8bd67
Alter readme file
Jul 12, 2024
a5e6211
alter readme file
Jul 12, 2024
1422605
update readme
Jul 12, 2024
35f7aef
update readme
Jul 12, 2024
60cc42a
remove extra space in read me
Jul 12, 2024
d284309
Set-AVMModule update
Jul 12, 2024
5708e35
Updated version
Jul 12, 2024
abdd91b
Update avm/res/insights/scheduled-query-rule/main.bicep
emichellecarter Aug 8, 2024
94ce402
altered per recommendations
Aug 8, 2024
66d6387
Merge branch 'main' into main
emichellecarter Aug 8, 2024
9957fd1
Remove orphan file
Aug 8, 2024
7f36687
Pushing readme to trigger workflow
Aug 8, 2024
efaf66d
read me corrected
Aug 8, 2024
3db474b
Revert "Remove orphan file"
Aug 8, 2024
f6d1fd4
Correct bicep version
Aug 8, 2024
c5412a0
Removing Orphaned file
Aug 9, 2024
32df79f
Correct linter warnings
Aug 9, 2024
65c230b
Test addition of disbled Alerts to waf test
Aug 9, 2024
7ae73cf
Alter WAF test for missing email addresses
Aug 9, 2024
f689883
Update README
Aug 9, 2024
ceb9cae
Alter parameter to trigger workflow
Aug 9, 2024
a01c13d
Alter storage name for waf test
Aug 9, 2024
a12e33f
Push new test files for storage account duplicate
Aug 9, 2024
f99ae87
Altering tests to prevent duplicates
Aug 9, 2024
30b3c42
Alter test files and readme
Aug 9, 2024
6eacd44
Alter Security alert policies and vulnerability arrays
Aug 10, 2024
2f23539
Merge branch 'Azure:main' into main
emichellecarter Aug 10, 2024
876d6b0
Merge branch 'main' into main
oZakari Aug 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
42 changes: 36 additions & 6 deletions avm/res/sql/server/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,7 +64,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
name: 'serverDeployment'
params: {
// Required parameters
name: 'sqlsadmin'
name: 'sqladmin'
// Non-required parameters
administrators: {
azureADOnlyAuthentication: true
Expand All @@ -91,7 +91,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
"parameters": {
// Required parameters
"name": {
"value": "sqlsadmin"
"value": "sqladmin"
},
// Non-required parameters
"administrators": {
Expand Down Expand Up @@ -369,7 +369,12 @@ module server 'br/public:avm/res/sql/server:<version>' = {
]
securityAlertPolicies: [
{
disabledAlerts: []
emailAccountAdmins: true
emailAddresses: [
'[email protected]'
'[email protected]'
]
name: 'Default'
state: 'Enabled'
}
Expand Down Expand Up @@ -551,7 +556,12 @@ module server 'br/public:avm/res/sql/server:<version>' = {
"securityAlertPolicies": {
"value": [
{
"disabledAlerts": [],
"emailAccountAdmins": true,
"emailAddresses": [
"[email protected]",
"[email protected]"
],
"name": "Default",
"state": "Enabled"
}
Expand Down Expand Up @@ -606,7 +616,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
name: 'serverDeployment'
params: {
// Required parameters
name: 'sqlsec-sec'
name: 'sqlsc-sec'
// Non-required parameters
administratorLogin: 'adminUserName'
administratorLoginPassword: '<administratorLoginPassword>'
Expand Down Expand Up @@ -644,7 +654,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
"parameters": {
// Required parameters
"name": {
"value": "sqlsec-sec"
"value": "sqlsc-sec"
},
// Non-required parameters
"administratorLogin": {
Expand Down Expand Up @@ -696,7 +706,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
name: 'serverDeployment'
params: {
// Required parameters
name: 'sqlsvln'
name: 'sqlvln'
// Non-required parameters
administratorLogin: 'adminUserName'
administratorLoginPassword: '<administratorLoginPassword>'
Expand All @@ -710,7 +720,12 @@ module server 'br/public:avm/res/sql/server:<version>' = {
primaryUserAssignedIdentityId: '<primaryUserAssignedIdentityId>'
securityAlertPolicies: [
{
disabledAlerts: []
emailAccountAdmins: true
emailAddresses: [
'[email protected]'
'[email protected]'
]
name: 'Default'
state: 'Enabled'
}
Expand Down Expand Up @@ -750,7 +765,7 @@ module server 'br/public:avm/res/sql/server:<version>' = {
"parameters": {
// Required parameters
"name": {
"value": "sqlsvln"
"value": "sqlvln"
},
// Non-required parameters
"administratorLogin": {
Expand All @@ -776,7 +791,12 @@ module server 'br/public:avm/res/sql/server:<version>' = {
"securityAlertPolicies": {
"value": [
{
"disabledAlerts": [],
"emailAccountAdmins": true,
"emailAddresses": [
"[email protected]",
"[email protected]"
],
"name": "Default",
"state": "Enabled"
}
Expand Down Expand Up @@ -904,7 +924,12 @@ module server 'br/public:avm/res/sql/server:<version>' = {
restrictOutboundNetworkAccess: 'Disabled'
securityAlertPolicies: [
{
disabledAlerts: []
emailAccountAdmins: true
emailAddresses: [
'[email protected]'
'[email protected]'
]
name: 'Default'
state: 'Enabled'
}
Expand Down Expand Up @@ -1047,7 +1072,12 @@ module server 'br/public:avm/res/sql/server:<version>' = {
"securityAlertPolicies": {
"value": [
{
"disabledAlerts": [],
"emailAccountAdmins": true,
"emailAddresses": [
"[email protected]",
"[email protected]"
],
"name": "Default",
"state": "Enabled"
}
Expand Down
22 changes: 6 additions & 16 deletions avm/res/sql/server/database/main.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -211,12 +211,8 @@ module database_backupShortTermRetentionPolicy 'backup-short-term-retention-poli
params: {
serverName: serverName
databaseName: database.name
diffBackupIntervalInHours: contains(backupShortTermRetentionPolicy, 'diffBackupIntervalInHours')
? backupShortTermRetentionPolicy.diffBackupIntervalInHours
: 24
retentionDays: contains(backupShortTermRetentionPolicy, 'retentionDays')
? backupShortTermRetentionPolicy.retentionDays
: 7
diffBackupIntervalInHours: backupShortTermRetentionPolicy.?backupShortTermRetentionPolicy.diffBackupIntervalInHours ?? 24
retentionDays: backupShortTermRetentionPolicy.?backupShortTermRetentionPolicy.retentionDays ?? 7
}
}

Expand All @@ -225,16 +221,10 @@ module database_backupLongTermRetentionPolicy 'backup-long-term-retention-policy
params: {
serverName: serverName
databaseName: database.name
weeklyRetention: contains(backupLongTermRetentionPolicy, 'weeklyRetention')
? backupLongTermRetentionPolicy.weeklyRetention
: ''
monthlyRetention: contains(backupLongTermRetentionPolicy, 'monthlyRetention')
? backupLongTermRetentionPolicy.monthlyRetention
: ''
yearlyRetention: contains(backupLongTermRetentionPolicy, 'yearlyRetention')
? backupLongTermRetentionPolicy.yearlyRetention
: ''
weekOfYear: contains(backupLongTermRetentionPolicy, 'weekOfYear') ? backupLongTermRetentionPolicy.weekOfYear : 1
weeklyRetention: backupLongTermRetentionPolicy.?backupLongTermRetentionPolicy.weeklyRetention ?? ''
monthlyRetention: backupLongTermRetentionPolicy.?backupLongTermRetentionPolicy.monthlyRetention ?? ''
yearlyRetention: backupLongTermRetentionPolicy.?backupLongTermRetentionPolicy.yearlyRetention ?? ''
weekOfYear: backupLongTermRetentionPolicy.?backupLongTermRetentionPolicy.weekOfYear ?? 1
}
}

Expand Down
143 changes: 52 additions & 91 deletions avm/res/sql/server/main.bicep
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,48 +238,34 @@ module server_databases 'database/main.bicep' = [
params: {
name: database.name
serverName: server.name
skuTier: contains(database, 'skuTier') ? database.skuTier : 'GeneralPurpose'
skuName: contains(database, 'skuName') ? database.skuName : 'GP_Gen5_2'
skuTier: database.?skuTier ?? 'GeneralPurpose'
skuName: database.?skuName ?? 'GP_Gen5_2'
skuCapacity: database.?skuCapacity
skuFamily: contains(database, 'skuFamily') ? database.skuFamily : ''
skuSize: contains(database, 'skuSize') ? database.skuSize : ''
collation: contains(database, 'collation') ? database.collation : 'SQL_Latin1_General_CP1_CI_AS'
maxSizeBytes: contains(database, 'maxSizeBytes') ? database.maxSizeBytes : 34359738368
autoPauseDelay: contains(database, 'autoPauseDelay') ? database.autoPauseDelay : 0
skuFamily: database.?skuFamily ?? ''
skuSize: database.?skuSize ?? ''
collation: database.?collation ?? 'SQL_Latin1_General_CP1_CI_AS'
maxSizeBytes: database.?maxSizeBytes ?? 34359738368
autoPauseDelay: database.?autoPauseDelay ?? 0
diagnosticSettings: database.?diagnosticSettings
isLedgerOn: contains(database, 'isLedgerOn') ? database.isLedgerOn : false
isLedgerOn: database.?isLedgerOn ?? false
location: location
licenseType: contains(database, 'licenseType') ? database.licenseType : ''
maintenanceConfigurationId: contains(database, 'maintenanceConfigurationId')
? database.maintenanceConfigurationId
: ''
minCapacity: contains(database, 'minCapacity') ? database.minCapacity : ''
highAvailabilityReplicaCount: contains(database, 'highAvailabilityReplicaCount')
? database.highAvailabilityReplicaCount
: 0
readScale: contains(database, 'readScale') ? database.readScale : 'Disabled'
requestedBackupStorageRedundancy: contains(database, 'requestedBackupStorageRedundancy')
? database.requestedBackupStorageRedundancy
: ''
sampleName: contains(database, 'sampleName') ? database.sampleName : ''
licenseType: database.?licenseType ?? ''
maintenanceConfigurationId: database.?maintenanceConfigurationId ?? ''
minCapacity: database.?minCapacity ?? ''
highAvailabilityReplicaCount: database.?highAvailabilityReplicaCount ?? 0
readScale: database.?readScale ?? 'Disabled'
requestedBackupStorageRedundancy: database.?requestedBackupStorageRedundancy ?? ''
sampleName: database.?sampleName ?? ''
tags: database.?tags ?? tags
zoneRedundant: contains(database, 'zoneRedundant') ? database.zoneRedundant : false
elasticPoolId: contains(database, 'elasticPoolId') ? database.elasticPoolId : ''
backupShortTermRetentionPolicy: contains(database, 'backupShortTermRetentionPolicy')
? database.backupShortTermRetentionPolicy
: {}
backupLongTermRetentionPolicy: contains(database, 'backupLongTermRetentionPolicy')
? database.backupLongTermRetentionPolicy
: {}
createMode: contains(database, 'createMode') ? database.createMode : 'Default'
sourceDatabaseResourceId: contains(database, 'sourceDatabaseResourceId') ? database.sourceDatabaseResourceId : ''
sourceDatabaseDeletionDate: contains(database, 'sourceDatabaseDeletionDate')
? database.sourceDatabaseDeletionDate
: ''
recoveryServicesRecoveryPointResourceId: contains(database, 'recoveryServicesRecoveryPointResourceId')
? database.recoveryServicesRecoveryPointResourceId
: ''
restorePointInTime: contains(database, 'restorePointInTime') ? database.restorePointInTime : ''
zoneRedundant: database.?zoneRedundant ?? false
elasticPoolId: database.?elasticPoolId ?? ''
backupShortTermRetentionPolicy: database.?backupShortTermRetentionPolicy ?? {}
backupLongTermRetentionPolicy: database.?backupLongTermRetentionPolicy ?? {}
createMode: database.?createMode ?? 'Default'
sourceDatabaseResourceId: database.?sourceDatabaseResourceId ?? ''
sourceDatabaseDeletionDate: database.?sourceDatabaseDeletionDate ?? ''
recoveryServicesRecoveryPointResourceId: database.?recoveryServicesRecoveryPointResourceId ?? ''
restorePointInTime: database.?restorePointInTime ?? ''
}
dependsOn: [
server_elasticPools // Enables us to add databases to existing elastic pools
Expand All @@ -293,19 +279,17 @@ module server_elasticPools 'elastic-pool/main.bicep' = [
params: {
name: elasticPool.name
serverName: server.name
databaseMaxCapacity: contains(elasticPool, 'databaseMaxCapacity') ? elasticPool.databaseMaxCapacity : 2
databaseMinCapacity: contains(elasticPool, 'databaseMinCapacity') ? elasticPool.databaseMinCapacity : 0
databaseMaxCapacity: elasticPool.?databaseMaxCapacity ?? 2
databaseMinCapacity: elasticPool.?databaseMinCapacity ?? 0
highAvailabilityReplicaCount: elasticPool.?highAvailabilityReplicaCount
licenseType: contains(elasticPool, 'licenseType') ? elasticPool.licenseType : 'LicenseIncluded'
maintenanceConfigurationId: contains(elasticPool, 'maintenanceConfigurationId')
? elasticPool.maintenanceConfigurationId
: ''
maxSizeBytes: contains(elasticPool, 'maxSizeBytes') ? elasticPool.maxSizeBytes : 34359738368
licenseType: elasticPool.?licenseType ?? 'LicenseIncluded'
maintenanceConfigurationId: elasticPool.?maintenanceConfigurationId ?? ''
maxSizeBytes: elasticPool.?maxSizeBytes ?? 34359738368
minCapacity: elasticPool.?minCapacity
skuCapacity: contains(elasticPool, 'skuCapacity') ? elasticPool.skuCapacity : 2
skuName: contains(elasticPool, 'skuName') ? elasticPool.skuName : 'GP_Gen5'
skuTier: contains(elasticPool, 'skuTier') ? elasticPool.skuTier : 'GeneralPurpose'
zoneRedundant: contains(elasticPool, 'zoneRedundant') ? elasticPool.zoneRedundant : false
skuCapacity: elasticPool.?skuCapacity ?? 2
skuName: elasticPool.?skuName ?? 'GP_Gen5'
skuTier: elasticPool.?skuTier ?? 'GeneralPurpose'
zoneRedundant: elasticPool.?zoneRedundant ?? false
location: location
tags: elasticPool.?tags ?? tags
}
Expand Down Expand Up @@ -371,8 +355,8 @@ module server_firewallRules 'firewall-rule/main.bicep' = [
params: {
name: firewallRule.name
serverName: server.name
endIpAddress: contains(firewallRule, 'endIpAddress') ? firewallRule.endIpAddress : '0.0.0.0'
startIpAddress: contains(firewallRule, 'startIpAddress') ? firewallRule.startIpAddress : '0.0.0.0'
endIpAddress: firewallRule.?endIpAddress ?? '0.0.0.0'
startIpAddress: firewallRule.?startIpAddress ?? '0.0.0.0'
}
}
]
Expand All @@ -383,9 +367,7 @@ module server_virtualNetworkRules 'virtual-network-rule/main.bicep' = [
params: {
name: virtualNetworkRule.name
serverName: server.name
ignoreMissingVnetServiceEndpoint: contains(virtualNetworkRule, 'ignoreMissingVnetServiceEndpoint')
? virtualNetworkRule.ignoreMissingVnetServiceEndpoint
: false
ignoreMissingVnetServiceEndpoint: virtualNetworkRule.?ignoreMissingVnetServiceEndpoint ?? false
virtualNetworkSubnetId: virtualNetworkRule.virtualNetworkSubnetId
}
}
Expand All @@ -397,17 +379,13 @@ module server_securityAlertPolicies 'security-alert-policy/main.bicep' = [
params: {
name: securityAlertPolicy.name
serverName: server.name
disabledAlerts: contains(securityAlertPolicy, 'disabledAlerts') ? securityAlertPolicy.disabledAlerts : []
emailAccountAdmins: contains(securityAlertPolicy, 'emailAccountAdmins')
? securityAlertPolicy.emailAccountAdmins
: false
emailAddresses: contains(securityAlertPolicy, 'emailAddresses') ? securityAlertPolicy.emailAddresses : []
retentionDays: contains(securityAlertPolicy, 'retentionDays') ? securityAlertPolicy.retentionDays : 0
state: contains(securityAlertPolicy, 'state') ? securityAlertPolicy.state : 'Disabled'
storageAccountAccessKey: contains(securityAlertPolicy, 'storageAccountAccessKey')
? securityAlertPolicy.storageAccountAccessKey
: ''
storageEndpoint: contains(securityAlertPolicy, 'storageEndpoint') ? securityAlertPolicy.storageEndpoint : ''
disabledAlerts: securityAlertPolicy.?securityAlertPolicy.disabledAlerts ?? []
emailAccountAdmins: securityAlertPolicy.?securityAlertPolicy.emailAccountAdmins ?? false
emailAddresses: securityAlertPolicy.?securityAlertPolicy.emailAddresses ?? []
retentionDays: securityAlertPolicy.?retentionDays ?? 0
state: securityAlertPolicy.?state ?? 'Disabled'
storageAccountAccessKey: securityAlertPolicy.?storageAccountAccessKey ?? ''
storageEndpoint: securityAlertPolicy.?storageEndpoint ?? ''
}
}
]
Expand All @@ -417,25 +395,12 @@ module server_vulnerabilityAssessment 'vulnerability-assessment/main.bicep' = if
params: {
serverName: server.name
name: vulnerabilityAssessmentsObj.name
recurringScansEmails: contains(vulnerabilityAssessmentsObj, 'recurringScansEmails')
? vulnerabilityAssessmentsObj.recurringScansEmails
: []
recurringScansEmailSubscriptionAdmins: contains(
vulnerabilityAssessmentsObj,
'recurringScansEmailSubscriptionAdmins'
)
? vulnerabilityAssessmentsObj.recurringScansEmailSubscriptionAdmins
: false
recurringScansIsEnabled: contains(vulnerabilityAssessmentsObj, 'recurringScansIsEnabled')
? vulnerabilityAssessmentsObj.recurringScansIsEnabled
: false
recurringScansEmails: vulnerabilityAssessmentsObj.?vulnerabilityAssessmentsObj.recurringScansEmails ?? []
recurringScansEmailSubscriptionAdmins: vulnerabilityAssessmentsObj.?vulnerabilityAssessmentsObj.recurringScansEmailSubscriptionAdmins ?? false
recurringScansIsEnabled: vulnerabilityAssessmentsObj.?recurringScansIsEnabled ?? false
storageAccountResourceId: vulnerabilityAssessmentsObj.storageAccountResourceId
useStorageAccountAccessKey: contains(vulnerabilityAssessmentsObj, 'useStorageAccountAccessKey')
? vulnerabilityAssessmentsObj.useStorageAccountAccessKey
: false
createStorageRoleAssignment: contains(vulnerabilityAssessmentsObj, 'createStorageRoleAssignment')
? vulnerabilityAssessmentsObj.createStorageRoleAssignment
: true
useStorageAccountAccessKey: vulnerabilityAssessmentsObj.?useStorageAccountAccessKey ?? false
createStorageRoleAssignment: vulnerabilityAssessmentsObj.?createStorageRoleAssignment ?? true
}
dependsOn: [
server_securityAlertPolicies
Expand All @@ -448,8 +413,8 @@ module server_keys 'key/main.bicep' = [
params: {
name: key.?name
serverName: server.name
serverKeyType: contains(key, 'serverKeyType') ? key.serverKeyType : 'ServiceManaged'
uri: contains(key, 'uri') ? key.uri : ''
serverKeyType: key.?serverKeyType ?? 'ServiceManaged'
uri: key.?uri ?? ''
}
}
]
Expand All @@ -459,12 +424,8 @@ module server_encryptionProtector 'encryption-protector/main.bicep' = if (!empty
params: {
sqlServerName: server.name
serverKeyName: encryptionProtectorObj.serverKeyName
serverKeyType: contains(encryptionProtectorObj, 'serverKeyType')
? encryptionProtectorObj.serverKeyType
: 'ServiceManaged'
autoRotationEnabled: contains(encryptionProtectorObj, 'autoRotationEnabled')
? encryptionProtectorObj.autoRotationEnabled
: true
serverKeyType: encryptionProtectorObj.?encryptionProtectorObj.serverKeyType ?? 'ServiceManaged'
autoRotationEnabled: encryptionProtectorObj.?encryptionProtectorObj.autoRotationEnabled ?? true
}
dependsOn: [
server_keys
Expand Down
Loading