diff --git a/.vscode/extensions.json b/.vscode/extensions.json index b6e76c35ad..b36c59714e 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -4,4 +4,4 @@ "editorconfig.editorconfig", "ms-vscode.powershell" ] -} \ No newline at end of file +} diff --git a/avm/res/app/managed-environment/README.md b/avm/res/app/managed-environment/README.md index be4b522543..1884561a9a 100644 --- a/avm/res/app/managed-environment/README.md +++ b/avm/res/app/managed-environment/README.md @@ -15,8 +15,8 @@ This module deploys an App Managed Environment (also known as a Container App En | Resource Type | API Version | | :-- | :-- | -| `Microsoft.App/managedEnvironments` | [2023-11-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-11-02-preview/managedEnvironments) | -| `Microsoft.App/managedEnvironments/storages` | [2023-11-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2023-11-02-preview/managedEnvironments/storages) | +| `Microsoft.App/managedEnvironments` | [2024-02-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2024-02-02-preview/managedEnvironments) | +| `Microsoft.App/managedEnvironments/storages` | [2024-02-02-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.App/2024-02-02-preview/managedEnvironments/storages) | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | @@ -171,6 +171,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' ] } } + peerTrafficEncryption: true platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' roleAssignments: [ @@ -288,6 +289,9 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' } } }, + "peerTrafficEncryption": { + "value": true + }, "platformReservedCidr": { "value": "172.17.17.0/24" }, @@ -542,6 +546,7 @@ module managedEnvironment 'br/public:avm/res/app/managed-environment:' | [`logsDestination`](#parameter-logsdestination) | string | Logs destination. | | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | | [`openTelemetryConfiguration`](#parameter-opentelemetryconfiguration) | object | Open Telemetry configuration. | +| [`peerTrafficEncryption`](#parameter-peertrafficencryption) | bool | Whether or not to encrypt peer traffic. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`storages`](#parameter-storages) | array | The list of storages to mount on the environment. | | [`tags`](#parameter-tags) | object | Tags of the resource. | @@ -761,6 +766,14 @@ Open Telemetry configuration. - Type: object - Default: `{}` +### Parameter: `peerTrafficEncryption` + +Whether or not to encrypt peer traffic. + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `roleAssignments` Array of role assignments to create. diff --git a/avm/res/app/managed-environment/main.bicep b/avm/res/app/managed-environment/main.bicep index 6b6b49c5c6..07c6dc33af 100644 --- a/avm/res/app/managed-environment/main.bicep +++ b/avm/res/app/managed-environment/main.bicep @@ -53,6 +53,9 @@ param platformReservedCidr string = '' @description('Conditional. An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. Required if zoneRedundant is set to true to make the resource WAF compliant.') param platformReservedDnsIP string = '' +@description('Optional. Whether or not to encrypt peer traffic.') +param peerTrafficEncryption bool = true + @description('Optional. Whether or not this Managed Environment is zone-redundant.') param zoneRedundant bool = true @@ -146,7 +149,7 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2023-09 scope: resourceGroup(split(logAnalyticsWorkspaceResourceId, '/')[2], split(logAnalyticsWorkspaceResourceId, '/')[4]) } -resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-preview' = { +resource managedEnvironment 'Microsoft.App/managedEnvironments@2024-02-02-preview' = { name: name location: location tags: tags @@ -170,6 +173,11 @@ resource managedEnvironment 'Microsoft.App/managedEnvironments@2023-11-02-previe dnsSuffix: dnsSuffix } openTelemetryConfiguration: !empty(openTelemetryConfiguration) ? openTelemetryConfiguration : null + peerTrafficConfiguration: { + encryption: { + enabled: peerTrafficEncryption + } + } vnetConfiguration: { internal: internal infrastructureSubnetId: !empty(infrastructureSubnetId) ? infrastructureSubnetId : null diff --git a/avm/res/app/managed-environment/main.json b/avm/res/app/managed-environment/main.json index 4786bb06a8..ed0df72869 100644 --- a/avm/res/app/managed-environment/main.json +++ b/avm/res/app/managed-environment/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "364014764379639426" + "templateHash": "13961196804563097956" }, "name": "App ManagedEnvironments", "description": "This module deploys an App Managed Environment (also known as a Container App Environment).", @@ -285,6 +285,13 @@ "description": "Conditional. An IP address from the IP range defined by \"platformReservedCidr\" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. Required if zoneRedundant is set to true to make the resource WAF compliant." } }, + "peerTrafficEncryption": { + "type": "bool", + "defaultValue": true, + "metadata": { + "description": "Optional. Whether or not to encrypt peer traffic." + } + }, "zoneRedundant": { "type": "bool", "defaultValue": true, @@ -372,7 +379,7 @@ "count": "[length(coalesce(parameters('storages'), createArray()))]" }, "type": "Microsoft.App/managedEnvironments/storages", - "apiVersion": "2023-11-02-preview", + "apiVersion": "2024-02-02-preview", "name": "[format('{0}/{1}', parameters('name'), coalesce(parameters('storages'), createArray())[copyIndex()].shareName)]", "properties": { "nfsAzureFile": "[if(equals(coalesce(parameters('storages'), createArray())[copyIndex()].kind, 'NFS'), createObject('accessMode', coalesce(parameters('storages'), createArray())[copyIndex()].accessMode, 'server', format('{0}.file.{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, environment().suffixes.storage), 'shareName', format('/{0}/{1}', coalesce(parameters('storages'), createArray())[copyIndex()].storageAccountName, coalesce(parameters('storages'), createArray())[copyIndex()].shareName)), null())]", @@ -413,7 +420,7 @@ }, "managedEnvironment": { "type": "Microsoft.App/managedEnvironments", - "apiVersion": "2023-11-02-preview", + "apiVersion": "2024-02-02-preview", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -437,6 +444,11 @@ "dnsSuffix": "[parameters('dnsSuffix')]" }, "openTelemetryConfiguration": "[if(not(empty(parameters('openTelemetryConfiguration'))), parameters('openTelemetryConfiguration'), null())]", + "peerTrafficConfiguration": { + "encryption": { + "enabled": "[parameters('peerTrafficEncryption')]" + } + }, "vnetConfiguration": { "internal": "[parameters('internal')]", "infrastructureSubnetId": "[if(not(empty(parameters('infrastructureSubnetId'))), parameters('infrastructureSubnetId'), null())]", @@ -502,7 +514,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('managedEnvironment', '2023-11-02-preview', 'full').location]" + "value": "[reference('managedEnvironment', '2024-02-02-preview', 'full').location]" }, "name": { "type": "string", @@ -523,7 +535,7 @@ "metadata": { "description": "The principal ID of the system assigned identity." }, - "value": "[coalesce(tryGet(tryGet(reference('managedEnvironment', '2023-11-02-preview', 'full'), 'identity'), 'principalId'), '')]" + "value": "[coalesce(tryGet(tryGet(reference('managedEnvironment', '2024-02-02-preview', 'full'), 'identity'), 'principalId'), '')]" }, "defaultDomain": { "type": "string", diff --git a/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep b/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep index f47f815af6..6c836f75d6 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/dependencies.bicep @@ -55,7 +55,7 @@ resource virtualNetwork 'Microsoft.Network/virtualNetworks@2023-04-01' = { { name: 'defaultSubnet' properties: { - addressPrefix: cidrSubnet(addressPrefix, 16, 0) + addressPrefix: cidrSubnet(addressPrefix, 23, 0) delegations: [ { name: 'Microsoft.App.environments' @@ -138,4 +138,4 @@ output managedIdentityResourceId string = managedIdentity.id output appInsightsConnectionString string = appInsightsComponent.properties.ConnectionString @description('The name of the created Storage Account.') -output storageAccountName string = storageAccount.name \ No newline at end of file +output storageAccountName string = storageAccount.name diff --git a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep index cf2aa74145..582c1734c7 100644 --- a/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep +++ b/avm/res/app/managed-environment/tests/e2e/max/main.test.bicep @@ -67,6 +67,7 @@ module testDeployment '../../../main.bicep' = [ ] internal: true dockerBridgeCidr: '172.16.0.1/28' + peerTrafficEncryption: true platformReservedCidr: '172.17.17.0/24' platformReservedDnsIP: '172.17.17.17' infrastructureSubnetId: nestedDependencies.outputs.subnetResourceId diff --git a/avm/res/app/managed-environment/version.json b/avm/res/app/managed-environment/version.json index e42c3d9e5f..35040975ae 100644 --- a/avm/res/app/managed-environment/version.json +++ b/avm/res/app/managed-environment/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.6", + "version": "0.7", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +} diff --git a/avm/res/db-for-my-sql/flexible-server/README.md b/avm/res/db-for-my-sql/flexible-server/README.md index f318fec9b2..e28b5db4f8 100644 --- a/avm/res/db-for-my-sql/flexible-server/README.md +++ b/avm/res/db-for-my-sql/flexible-server/README.md @@ -178,7 +178,7 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server: } ] geoRedundantBackup: 'Enabled' - highAvailability: 'SameZone' + highAvailability: 'ZoneRedundant' location: '' lock: { kind: 'CanNotDelete' @@ -323,7 +323,7 @@ module flexibleServer 'br/public:avm/res/db-for-my-sql/flexible-server: "value": "Enabled" }, "highAvailability": { - "value": "SameZone" + "value": "ZoneRedundant" }, "location": { "value": "" diff --git a/avm/res/db-for-my-sql/flexible-server/main.json b/avm/res/db-for-my-sql/flexible-server/main.json index be16a52fcc..ce118494a1 100644 --- a/avm/res/db-for-my-sql/flexible-server/main.json +++ b/avm/res/db-for-my-sql/flexible-server/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "13929385437976763418" + "version": "0.29.47.4906", + "templateHash": "12125422157581852477" }, "name": "DBforMySQL Flexible Servers", "description": "This module deploys a DBforMySQL Flexible Server.", diff --git a/avm/res/db-for-my-sql/flexible-server/tests/e2e/max/main.test.bicep b/avm/res/db-for-my-sql/flexible-server/tests/e2e/max/main.test.bicep index 34a88c3a37..0255def79e 100644 --- a/avm/res/db-for-my-sql/flexible-server/tests/e2e/max/main.test.bicep +++ b/avm/res/db-for-my-sql/flexible-server/tests/e2e/max/main.test.bicep @@ -157,7 +157,7 @@ module testDeployment '../../../main.bicep' = [ startIpAddress: '100.100.100.1' } ] - highAvailability: 'SameZone' + highAvailability: 'ZoneRedundant' storageAutoGrow: 'Enabled' version: '8.0.21' customerManagedKey: { diff --git a/avm/res/db-for-postgre-sql/flexible-server/README.md b/avm/res/db-for-postgre-sql/flexible-server/README.md index 6986b8fee6..9bcd1bf2a3 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/README.md +++ b/avm/res/db-for-postgre-sql/flexible-server/README.md @@ -53,12 +53,18 @@ module flexibleServer 'br/public:avm/res/db-for-postgre-sql/flexible-server:' + administrators: [ + { + objectId: '' + principalName: '' + principalType: 'ServicePrincipal' + } + ] geoRedundantBackup: 'Enabled' + highAvailability: 'ZoneRedundant' location: '' } } @@ -81,21 +87,27 @@ module flexibleServer 'br/public:avm/res/db-for-postgre-sql/flexible-server:" + "administrators": { + "value": [ + { + "objectId": "", + "principalName": "", + "principalType": "ServicePrincipal" + } + ] }, "geoRedundantBackup": { "value": "Enabled" }, + "highAvailability": { + "value": "ZoneRedundant" + }, "location": { "value": "" } @@ -697,7 +709,14 @@ module flexibleServer 'br/public:avm/res/db-for-postgre-sql/flexible-server:' + maintenanceWindow: { + customWindow: 'Enabled' + dayOfWeek: 0 + startHour: 1 + startMinute: 0 + } privateDnsZoneArmResourceId: '' tags: { Environment: 'Non-Prod' @@ -782,9 +801,20 @@ module flexibleServer 'br/public:avm/res/db-for-postgre-sql/flexible-server:" }, + "maintenanceWindow": { + "value": { + "customWindow": "Enabled", + "dayOfWeek": 0, + "startHour": 1, + "startMinute": 0 + } + }, "privateDnsZoneArmResourceId": { "value": "" }, @@ -1314,7 +1344,15 @@ Properties for the maintenence window. If provided, 'customWindow' property must - Required: No - Type: object -- Default: `{}` +- Default: + ```Bicep + { + customWindow: 'Enabled' + dayOfWeek: 0 + startHour: 1 + startMinute: 0 + } + ``` ### Parameter: `passwordAuth` @@ -1361,6 +1399,7 @@ Array of role assignments to create. | [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | | [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | | [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`name`](#parameter-roleassignmentsname) | string | The name (as GUID) of the role assignment. If not provided, a GUID will be generated. | | [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | ### Parameter: `roleAssignments.principalId` @@ -1411,6 +1450,13 @@ The description of the role assignment. - Required: No - Type: string +### Parameter: `roleAssignments.name` + +The name (as GUID) of the role assignment. If not provided, a GUID will be generated. + +- Required: No +- Type: string + ### Parameter: `roleAssignments.principalType` The principal type of the assigned principal ID. @@ -1472,7 +1518,7 @@ PostgreSQL Server version. - Required: No - Type: string -- Default: `'15'` +- Default: `'16'` - Allowed: ```Bicep [ @@ -1481,6 +1527,7 @@ PostgreSQL Server version. '13' '14' '15' + '16' ] ``` diff --git a/avm/res/db-for-postgre-sql/flexible-server/administrator/main.json b/avm/res/db-for-postgre-sql/flexible-server/administrator/main.json index 69197e9646..b7337b4766 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/administrator/main.json +++ b/avm/res/db-for-postgre-sql/flexible-server/administrator/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "17302939650459446486" + "version": "0.29.47.4906", + "templateHash": "9786947819042824705" }, "name": "DBforPostgreSQL Flexible Server Administrators", "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", diff --git a/avm/res/db-for-postgre-sql/flexible-server/configuration/main.json b/avm/res/db-for-postgre-sql/flexible-server/configuration/main.json index 82ff31c783..8903e9ef21 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/configuration/main.json +++ b/avm/res/db-for-postgre-sql/flexible-server/configuration/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "4808844582468160626" + "version": "0.29.47.4906", + "templateHash": "3802666632340288344" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", diff --git a/avm/res/db-for-postgre-sql/flexible-server/database/main.json b/avm/res/db-for-postgre-sql/flexible-server/database/main.json index a628aabe2a..1b15b5c7a4 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/database/main.json +++ b/avm/res/db-for-postgre-sql/flexible-server/database/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "12256776332622303948" + "version": "0.29.47.4906", + "templateHash": "17501165975344742322" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", diff --git a/avm/res/db-for-postgre-sql/flexible-server/firewall-rule/main.json b/avm/res/db-for-postgre-sql/flexible-server/firewall-rule/main.json index b7c6ec5209..572f886bfe 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/firewall-rule/main.json +++ b/avm/res/db-for-postgre-sql/flexible-server/firewall-rule/main.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.26.170.59819", - "templateHash": "12309357869547394167" + "version": "0.29.47.4906", + "templateHash": "5110779562094536429" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", diff --git a/avm/res/db-for-postgre-sql/flexible-server/main.bicep b/avm/res/db-for-postgre-sql/flexible-server/main.bicep index 58f76dcdfe..fc8b5d923c 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/main.bicep +++ b/avm/res/db-for-postgre-sql/flexible-server/main.bicep @@ -89,9 +89,10 @@ param storageSizeGB int = 32 '13' '14' '15' + '16' ]) @description('Optional. PostgreSQL Server version.') -param version string = '15' +param version string = '16' @allowed([ 'Disabled' @@ -117,7 +118,12 @@ param managedIdentities managedIdentitiesType param customerManagedKey customerManagedKeyType @description('Optional. Properties for the maintenence window. If provided, \'customWindow\' property must exist and set to \'Enabled\'.') -param maintenanceWindow object = {} +param maintenanceWindow object = { + customWindow: 'Enabled' + dayOfWeek: 0 + startHour: 1 + startMinute: 0 +} @description('Conditional. Required if \'createMode\' is set to \'PointInTimeRestore\'.') param pointInTimeUTC string = '' @@ -182,6 +188,17 @@ var builtInRoleNames = { ) } +var formattedRoleAssignments = [ + for (roleAssignment, index) in (roleAssignments ?? []): union(roleAssignment, { + roleDefinitionId: builtInRoleNames[?roleAssignment.roleDefinitionIdOrName] ?? (contains( + roleAssignment.roleDefinitionIdOrName, + '/providers/Microsoft.Authorization/roleDefinitions/' + ) + ? roleAssignment.roleDefinitionIdOrName + : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)) + }) +] + #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { name: '46d3xbcp.res.dbforpostgresql-flexibleserver.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' @@ -292,14 +309,10 @@ resource flexibleServer_lock 'Microsoft.Authorization/locks@2020-05-01' = if (!e } resource flexibleServer_roleAssignments 'Microsoft.Authorization/roleAssignments@2022-04-01' = [ - for (roleAssignment, index) in (roleAssignments ?? []): { - name: guid(flexibleServer.id, roleAssignment.principalId, roleAssignment.roleDefinitionIdOrName) + for (roleAssignment, index) in (formattedRoleAssignments ?? []): { + name: roleAssignment.?name ?? guid(flexibleServer.id, roleAssignment.principalId, roleAssignment.roleDefinitionId) properties: { - roleDefinitionId: contains(builtInRoleNames, roleAssignment.roleDefinitionIdOrName) - ? builtInRoleNames[roleAssignment.roleDefinitionIdOrName] - : contains(roleAssignment.roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/') - ? roleAssignment.roleDefinitionIdOrName - : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName) + roleDefinitionId: roleAssignment.roleDefinitionId principalId: roleAssignment.principalId description: roleAssignment.?description principalType: roleAssignment.?principalType @@ -317,8 +330,8 @@ module flexibleServer_databases 'database/main.bicep' = [ params: { name: database.name flexibleServerName: flexibleServer.name - collation: contains(database, 'collation') ? database.collation : '' - charset: contains(database, 'charset') ? database.charset : '' + collation: database.?collation ?? '' + charset: database.?charset ?? '' } } ] @@ -345,8 +358,8 @@ module flexibleServer_configurations 'configuration/main.bicep' = [ params: { name: configuration.name flexibleServerName: flexibleServer.name - source: contains(configuration, 'source') ? configuration.source : '' - value: contains(configuration, 'value') ? configuration.value : '' + source: configuration.?source ?? '' + value: configuration.?value ?? '' } dependsOn: [ flexibleServer_firewallRules @@ -362,7 +375,7 @@ module flexibleServer_administrators 'administrator/main.bicep' = [ objectId: administrator.objectId principalName: administrator.principalName principalType: administrator.principalType - tenantId: contains(administrator, 'tenantId') ? administrator.tenantId : tenant().tenantId + tenantId: administrator.?tenantId ?? tenant().tenantId } } ] @@ -429,6 +442,9 @@ type lockType = { }? type roleAssignmentType = { + @description('Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated.') + name: string? + @description('Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.') roleDefinitionIdOrName: string diff --git a/avm/res/db-for-postgre-sql/flexible-server/main.json b/avm/res/db-for-postgre-sql/flexible-server/main.json index f89dcb945d..3b358952cf 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/main.json +++ b/avm/res/db-for-postgre-sql/flexible-server/main.json @@ -5,8 +5,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "6917599378543885817" + "version": "0.29.47.4906", + "templateHash": "6369286683210643119" }, "name": "DBforPostgreSQL Flexible Servers", "description": "This module deploys a DBforPostgreSQL Flexible Server.", @@ -58,6 +58,13 @@ "items": { "type": "object", "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name (as GUID) of the role assignment. If not provided, a GUID will be generated." + } + }, "roleDefinitionIdOrName": { "type": "string", "metadata": { @@ -406,13 +413,14 @@ }, "version": { "type": "string", - "defaultValue": "15", + "defaultValue": "16", "allowedValues": [ "11", "12", "13", "14", - "15" + "15", + "16" ], "metadata": { "description": "Optional. PostgreSQL Server version." @@ -457,7 +465,12 @@ }, "maintenanceWindow": { "type": "object", - "defaultValue": {}, + "defaultValue": { + "customWindow": "Enabled", + "dayOfWeek": 0, + "startHour": 1, + "startMinute": 0 + }, "metadata": { "description": "Optional. Properties for the maintenence window. If provided, 'customWindow' property must exist and set to 'Enabled'." } @@ -545,6 +558,13 @@ } }, "variables": { + "copy": [ + { + "name": "formattedRoleAssignments", + "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]", + "input": "[union(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')], createObject('roleDefinitionId', coalesce(tryGet(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName), if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex('formattedRoleAssignments')].roleDefinitionIdOrName)))))]" + } + ], "formattedUserAssignedIdentities": "[reduce(map(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createArray()), lambda('id', createObject(format('{0}', lambdaVariables('id')), createObject()))), createObject(), lambda('cur', 'next', union(lambdaVariables('cur'), lambdaVariables('next'))))]", "identity": "[if(not(empty(parameters('managedIdentities'))), createObject('type', if(not(empty(coalesce(tryGet(parameters('managedIdentities'), 'userAssignedResourceIds'), createObject()))), 'UserAssigned', 'None'), 'userAssignedIdentities', if(not(empty(variables('formattedUserAssignedIdentities'))), variables('formattedUserAssignedIdentities'), null())), null())]", "builtInRoleNames": { @@ -667,20 +687,20 @@ "flexibleServer_roleAssignments": { "copy": { "name": "flexibleServer_roleAssignments", - "count": "[length(coalesce(parameters('roleAssignments'), createArray()))]" + "count": "[length(coalesce(variables('formattedRoleAssignments'), createArray()))]" }, "type": "Microsoft.Authorization/roleAssignments", "apiVersion": "2022-04-01", "scope": "[format('Microsoft.DBforPostgreSQL/flexibleServers/{0}', parameters('name'))]", - "name": "[guid(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name')), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId, coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)]", + "name": "[coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'name'), guid(resourceId('Microsoft.DBforPostgreSQL/flexibleServers', parameters('name')), coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId, coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId))]", "properties": { - "roleDefinitionId": "[if(contains(variables('builtInRoleNames'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName), variables('builtInRoleNames')[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName], if(contains(coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, '/providers/Microsoft.Authorization/roleDefinitions/'), coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName, subscriptionResourceId('Microsoft.Authorization/roleDefinitions', coalesce(parameters('roleAssignments'), createArray())[copyIndex()].roleDefinitionIdOrName)))]", - "principalId": "[coalesce(parameters('roleAssignments'), createArray())[copyIndex()].principalId]", - "description": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'description')]", - "principalType": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'principalType')]", - "condition": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition')]", - "conditionVersion": "[if(not(empty(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", - "delegatedManagedIdentityResourceId": "[tryGet(coalesce(parameters('roleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" + "roleDefinitionId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].roleDefinitionId]", + "principalId": "[coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()].principalId]", + "description": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'description')]", + "principalType": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'principalType')]", + "condition": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition')]", + "conditionVersion": "[if(not(empty(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'condition'))), coalesce(tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'conditionVersion'), '2.0'), null())]", + "delegatedManagedIdentityResourceId": "[tryGet(coalesce(variables('formattedRoleAssignments'), createArray())[copyIndex()], 'delegatedManagedIdentityResourceId')]" }, "dependsOn": [ "flexibleServer" @@ -747,8 +767,12 @@ "flexibleServerName": { "value": "[parameters('name')]" }, - "collation": "[if(contains(parameters('databases')[copyIndex()], 'collation'), createObject('value', parameters('databases')[copyIndex()].collation), createObject('value', ''))]", - "charset": "[if(contains(parameters('databases')[copyIndex()], 'charset'), createObject('value', parameters('databases')[copyIndex()].charset), createObject('value', ''))]" + "collation": { + "value": "[coalesce(tryGet(parameters('databases')[copyIndex()], 'collation'), '')]" + }, + "charset": { + "value": "[coalesce(tryGet(parameters('databases')[copyIndex()], 'charset'), '')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -756,8 +780,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "6060199938382421423" + "version": "0.29.47.4906", + "templateHash": "17501165975344742322" }, "name": "DBforPostgreSQL Flexible Server Databases", "description": "This module deploys a DBforPostgreSQL Flexible Server Database.", @@ -864,8 +888,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "18047073594923038356" + "version": "0.29.47.4906", + "templateHash": "5110779562094536429" }, "name": "DBforPostgreSQL Flexible Server Firewall Rules", "description": "This module deploys a DBforPostgreSQL Flexible Server Firewall Rule.", @@ -960,8 +984,12 @@ "flexibleServerName": { "value": "[parameters('name')]" }, - "source": "[if(contains(parameters('configurations')[copyIndex()], 'source'), createObject('value', parameters('configurations')[copyIndex()].source), createObject('value', ''))]", - "value": "[if(contains(parameters('configurations')[copyIndex()], 'value'), createObject('value', parameters('configurations')[copyIndex()].value), createObject('value', ''))]" + "source": { + "value": "[coalesce(tryGet(parameters('configurations')[copyIndex()], 'source'), '')]" + }, + "value": { + "value": "[coalesce(tryGet(parameters('configurations')[copyIndex()], 'value'), '')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -969,8 +997,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "1739518705583408324" + "version": "0.29.47.4906", + "templateHash": "3802666632340288344" }, "name": "DBforPostgreSQL Flexible Server Configurations", "description": "This module deploys a DBforPostgreSQL Flexible Server Configuration.", @@ -1071,7 +1099,9 @@ "principalType": { "value": "[parameters('administrators')[copyIndex()].principalType]" }, - "tenantId": "[if(contains(parameters('administrators')[copyIndex()], 'tenantId'), createObject('value', parameters('administrators')[copyIndex()].tenantId), createObject('value', tenant().tenantId))]" + "tenantId": { + "value": "[coalesce(tryGet(parameters('administrators')[copyIndex()], 'tenantId'), tenant().tenantId)]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -1079,8 +1109,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.28.1.47646", - "templateHash": "18164580138640455419" + "version": "0.29.47.4906", + "templateHash": "9786947819042824705" }, "name": "DBforPostgreSQL Flexible Server Administrators", "description": "This module deploys a DBforPostgreSQL Flexible Server Administrator.", diff --git a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/dependencies.bicep b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/dependencies.bicep new file mode 100644 index 0000000000..7ddc0bfb00 --- /dev/null +++ b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/dependencies.bicep @@ -0,0 +1,16 @@ +@description('Optional. The location to deploy to.') +param location string = resourceGroup().location + +@description('Required. The name of the Managed Identity to create.') +param managedIdentityName string + +resource managedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { + name: managedIdentityName + location: location +} + +@description('The client ID of the created Managed Identity.') +output managedIdentityClientId string = managedIdentity.properties.clientId + +@description('The name of the created Managed Identity.') +output managedIdentityName string = managedIdentity.name diff --git a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/main.test.bicep b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/main.test.bicep index f7848f4b41..6c56f5b441 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/main.test.bicep +++ b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/defaults/main.test.bicep @@ -17,10 +17,6 @@ param resourceLocation string = deployment().location @description('Optional. A short identifier for the kind of deployment. Should be kept short to not run into resource-name length-constraints.') param serviceShort string = 'dfpsfsmin' -@description('Optional. The password to leverage for the login.') -@secure() -param password string = newGuid() - @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' @@ -35,21 +31,37 @@ resource resourceGroup 'Microsoft.Resources/resourceGroups@2023-07-01' = { location: resourceLocation } +module nestedDependencies 'dependencies.bicep' = { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-nestedDependencies' + params: { + managedIdentityName: 'dep-${namePrefix}-msi-${serviceShort}' + location: resourceLocation + } +} // ============== // // Test Execution // // ============== // @batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - administratorLogin: 'adminUserName' - administratorLoginPassword: password - skuName: 'Standard_B2s' - tier: 'Burstable' - geoRedundantBackup: 'Enabled' +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + administrators: [ + { + objectId: nestedDependencies.outputs.managedIdentityClientId + principalName: nestedDependencies.outputs.managedIdentityName + principalType: 'ServicePrincipal' + } + ] + skuName: 'Standard_D2s_v3' + tier: 'GeneralPurpose' + geoRedundantBackup: 'Enabled' + highAvailability: 'ZoneRedundant' + } } -}] +] diff --git a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/public/main.test.bicep b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/public/main.test.bicep index 834c02cbb9..01b6ee55cc 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/public/main.test.bicep +++ b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/public/main.test.bicep @@ -59,99 +59,100 @@ module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/t // ============== // @batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - administrators: [ - { - objectId: nestedDependencies.outputs.managedIdentityClientId - principalName: nestedDependencies.outputs.managedIdentityName - principalType: 'ServicePrincipal' - } - ] - skuName: 'Standard_D2s_v3' - tier: 'GeneralPurpose' - backupRetentionDays: 20 - configurations: [ - { - name: 'log_min_messages' - source: 'user-override' - value: 'INFO' - } - ] - databases: [ - { - charset: 'UTF8' - collation: 'en_US.utf8' - name: 'testdb1' - } - { - name: 'testdb2' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Owner' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - { - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + administrators: [ + { + objectId: nestedDependencies.outputs.managedIdentityClientId + principalName: nestedDependencies.outputs.managedIdentityName + principalType: 'ServicePrincipal' + } + ] + skuName: 'Standard_D2s_v3' + tier: 'GeneralPurpose' + backupRetentionDays: 20 + configurations: [ + { + name: 'log_min_messages' + source: 'user-override' + value: 'INFO' + } + ] + databases: [ + { + charset: 'UTF8' + collation: 'en_US.utf8' + name: 'testdb1' + } + { + name: 'testdb2' + } + ] + roleAssignments: [ + { + roleDefinitionIdOrName: 'Owner' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + { + roleDefinitionIdOrName: subscriptionResourceId( + 'Microsoft.Authorization/roleDefinitions', + 'acdd72a7-3385-48ef-bd42-f606fba81ae7' + ) + principalId: nestedDependencies.outputs.managedIdentityPrincipalId + principalType: 'ServicePrincipal' + } + ] + diagnosticSettings: [ + { + name: 'customSetting' + metricCategories: [ + { + category: 'AllMetrics' + } + ] + eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId + workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + } + ] + firewallRules: [ + { + endIpAddress: '0.0.0.0' + name: 'AllowAllWindowsAzureIps' + startIpAddress: '0.0.0.0' + } + { + endIpAddress: '10.10.10.10' + name: 'test-rule1' + startIpAddress: '10.10.10.1' + } + { + endIpAddress: '100.100.100.10' + name: 'test-rule2' + startIpAddress: '100.100.100.1' + } + ] + geoRedundantBackup: 'Disabled' + highAvailability: 'SameZone' + location: resourceLocation + storageSizeGB: 1024 + version: '14' + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' } - { - roleDefinitionIdOrName: subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7') - principalId: nestedDependencies.outputs.managedIdentityPrincipalId - principalType: 'ServicePrincipal' - } - ] - diagnosticSettings: [ - { - name: 'customSetting' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId - workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId - } - ] - firewallRules: [ - { - endIpAddress: '0.0.0.0' - name: 'AllowAllWindowsAzureIps' - startIpAddress: '0.0.0.0' - } - { - endIpAddress: '10.10.10.10' - name: 'test-rule1' - startIpAddress: '10.10.10.1' - } - { - endIpAddress: '100.100.100.10' - name: 'test-rule2' - startIpAddress: '100.100.100.1' - } - ] - geoRedundantBackup: 'Disabled' - highAvailability: 'SameZone' - location: resourceLocation - storageSizeGB: 1024 - version: '14' - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' } } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] -}] +] diff --git a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/waf-aligned/main.test.bicep b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/waf-aligned/main.test.bicep index 395890f8fb..f33e849678 100644 --- a/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/waf-aligned/main.test.bicep +++ b/avm/res/db-for-postgre-sql/flexible-server/tests/e2e/waf-aligned/main.test.bicep @@ -62,62 +62,71 @@ module diagnosticDependencies '../../../../../../utilities/e2e-template-assets/t // ============== // @batchSize(1) -module testDeployment '../../../main.bicep' = [for iteration in [ 'init', 'idem' ]: { - scope: resourceGroup - name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' - params: { - name: '${namePrefix}${serviceShort}001' - location: resourceLocation - administrators: [ - { - objectId: nestedDependencies.outputs.managedIdentityClientId - principalName: nestedDependencies.outputs.managedIdentityName - principalType: 'ServicePrincipal' - } - ] - skuName: 'Standard_D2s_v3' - tier: 'GeneralPurpose' - configurations: [ - { - name: 'log_min_messages' - source: 'user-override' - value: 'INFO' - } - { - name: 'autovacuum_naptime' - source: 'user-override' - value: '80' +module testDeployment '../../../main.bicep' = [ + for iteration in ['init', 'idem']: { + scope: resourceGroup + name: '${uniqueString(deployment().name, resourceLocation)}-test-${serviceShort}-${iteration}' + params: { + name: '${namePrefix}${serviceShort}001' + location: resourceLocation + administrators: [ + { + objectId: nestedDependencies.outputs.managedIdentityClientId + principalName: nestedDependencies.outputs.managedIdentityName + principalType: 'ServicePrincipal' + } + ] + skuName: 'Standard_D2s_v3' + tier: 'GeneralPurpose' + configurations: [ + { + name: 'log_min_messages' + source: 'user-override' + value: 'INFO' + } + { + name: 'autovacuum_naptime' + source: 'user-override' + value: '80' + } + ] + databases: [ + { + charset: 'UTF8' + collation: 'en_US.utf8' + name: 'testdb1' + } + { + name: 'testdb2' + } + ] + delegatedSubnetResourceId: nestedDependencies.outputs.subnetResourceId + diagnosticSettings: [ + { + eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName + eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId + storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId + workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + } + ] + geoRedundantBackup: 'Enabled' + privateDnsZoneArmResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + tags: { + 'hidden-title': 'This is visible in the resource name' + Environment: 'Non-Prod' + Role: 'DeploymentValidation' } - ] - databases: [ - { - charset: 'UTF8' - collation: 'en_US.utf8' - name: 'testdb1' - } - { - name: 'testdb2' - } - ] - delegatedSubnetResourceId: nestedDependencies.outputs.subnetResourceId - diagnosticSettings: [ - { - eventHubName: diagnosticDependencies.outputs.eventHubNamespaceEventHubName - eventHubAuthorizationRuleResourceId: diagnosticDependencies.outputs.eventHubAuthorizationRuleId - storageAccountResourceId: diagnosticDependencies.outputs.storageAccountResourceId - workspaceResourceId: diagnosticDependencies.outputs.logAnalyticsWorkspaceResourceId + maintenanceWindow: { + customWindow: 'Enabled' + dayOfWeek: 0 + startHour: 1 + startMinute: 0 } - ] - geoRedundantBackup: 'Enabled' - privateDnsZoneArmResourceId: nestedDependencies.outputs.privateDNSZoneResourceId - tags: { - 'hidden-title': 'This is visible in the resource name' - Environment: 'Non-Prod' - Role: 'DeploymentValidation' + highAvailability: 'ZoneRedundant' } + dependsOn: [ + nestedDependencies + diagnosticDependencies + ] } - dependsOn: [ - nestedDependencies - diagnosticDependencies - ] -}] +] diff --git a/avm/res/net-app/net-app-account/README.md b/avm/res/net-app/net-app-account/README.md index 20b14b9cb3..50233d816c 100644 --- a/avm/res/net-app/net-app-account/README.md +++ b/avm/res/net-app/net-app-account/README.md @@ -17,12 +17,13 @@ This module deploys an Azure NetApp File. | :-- | :-- | | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.NetApp/netAppAccounts` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts) | -| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-11-01/netAppAccounts/backupPolicies) | -| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults) | -| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults/backups) | -| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools) | -| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools/volumes) | +| `Microsoft.NetApp/netAppAccounts` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts) | +| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupPolicies) | +| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupVaults) | +| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupVaults/backups) | +| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/capacityPools) | +| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/capacityPools/volumes) | +| `Microsoft.NetApp/netAppAccounts/snapshotPolicies` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/snapshotPolicies) | ## Usage examples @@ -115,6 +116,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { size: 4398046511104 volumes: [ { + encryptionKeySource: '' exportPolicyRules: [ { allowedClients: '0.0.0.0/0' @@ -144,6 +146,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { ] } { + encryptionKeySource: '' exportPolicyRules: [ { allowedClients: '0.0.0.0/0' @@ -251,6 +254,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { "size": 4398046511104, "volumes": [ { + "encryptionKeySource": "", "exportPolicyRules": [ { "allowedClients": "0.0.0.0/0", @@ -280,6 +284,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { ] }, { + "encryptionKeySource": "", "exportPolicyRules": [ { "allowedClients": "0.0.0.0/0", @@ -397,6 +402,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { size: 4398046511104 volumes: [ { + encryptionKeySource: '' exportPolicyRules: [ { allowedClients: '0.0.0.0/0' @@ -426,6 +432,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { ] } { + encryptionKeySource: '' name: 'nanaanfs3-vol-002' networkFeatures: 'Standard' protocolTypes: [ @@ -520,6 +527,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { "size": 4398046511104, "volumes": [ { + "encryptionKeySource": "", "exportPolicyRules": [ { "allowedClients": "0.0.0.0/0", @@ -549,6 +557,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:' = { ] }, { + "encryptionKeySource": "", "name": "nanaanfs3-vol-002", "networkFeatures": "Standard", "protocolTypes": [ diff --git a/avm/res/net-app/net-app-account/capacity-pool/README.md b/avm/res/net-app/net-app-account/capacity-pool/README.md index 96f2a0f7e9..b0b9dae0d9 100644 --- a/avm/res/net-app/net-app-account/capacity-pool/README.md +++ b/avm/res/net-app/net-app-account/capacity-pool/README.md @@ -15,11 +15,12 @@ This module deploys an Azure NetApp Files Capacity Pool. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-11-01/netAppAccounts/backupPolicies) | -| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults) | -| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults/backups) | -| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools) | -| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools/volumes) | +| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupPolicies) | +| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupVaults) | +| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupVaults/backups) | +| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/capacityPools) | +| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/capacityPools/volumes) | +| `Microsoft.NetApp/netAppAccounts/snapshotPolicies` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/snapshotPolicies) | ## Parameters diff --git a/avm/res/net-app/net-app-account/capacity-pool/main.bicep b/avm/res/net-app/net-app-account/capacity-pool/main.bicep index 921c478b84..60125cc62f 100644 --- a/avm/res/net-app/net-app-account/capacity-pool/main.bicep +++ b/avm/res/net-app/net-app-account/capacity-pool/main.bicep @@ -77,11 +77,11 @@ var formattedRoleAssignments = [ }) ] -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2023-07-01' existing = { +resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2024-03-01' existing = { name: netAppAccountName } -resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2023-07-01' = { +resource capacityPool 'Microsoft.NetApp/netAppAccounts/capacityPools@2024-03-01' = { name: name parent: netAppAccount location: location @@ -105,36 +105,58 @@ module capacityPool_volumes 'volume/main.bicep' = [ name: volume.name location: location serviceLevel: serviceLevel - creationToken: contains(volume, 'creationToken') ? volume.creationToken : volume.name + creationToken: volume.?creationToken ?? volume.name usageThreshold: volume.usageThreshold - protocolTypes: contains(volume, 'protocolTypes') ? volume.protocolTypes : [] + protocolTypes: volume.?protocolTypes ?? [] subnetResourceId: volume.subnetResourceId - exportPolicyRules: contains(volume, 'exportPolicyRules') ? volume.exportPolicyRules : [] - roleAssignments: contains(volume, 'roleAssignments') ? volume.roleAssignments : [] + exportPolicyRules: volume.?exportPolicyRules ?? [] + roleAssignments: volume.?roleAssignments ?? [] networkFeatures: volume.?networkFeatures zones: volume.?zones - coolAccess: contains(volume, 'coolAccess') ? volume.coolAccess : false - coolAccessRetrievalPolicy: contains(volume, 'coolAccessRetrievalPolicy') - ? volume.coolAccessRetrievalPolicy - : 'Default' - coolnessPeriod: contains(volume, 'coolnessPeriod') ? volume.coolnessPeriod : 0 - endpointType: contains(volume, 'endpointType') ? volume.endpointType : '' - remoteVolumeRegion: contains(volume, 'remoteVolumeRegion') ? volume.remoteVolumeRegion : '' - remoteVolumeResourceId: contains(volume, 'remoteVolumeResourceId') ? volume.remoteVolumeResourceId : '' - replicationSchedule: contains(volume, 'replicationSchedule') ? volume.replicationSchedule : '' - backupPolicyName: contains(volume, 'backupPolicyName') ? volume.backupPolicyName : 'backupPolicy' - backupPolicyLocation: contains(volume, 'backupPolicyLocation') ? volume.backupPolicyLocation : '' - dailyBackupsToKeep: contains(volume, 'dailyBackupsToKeep') ? volume.dailyBackupsToKeep : 0 - backupEnabled: contains(volume, 'backupEnabled') ? volume.backupEnabled : false - monthlyBackupsToKeep: contains(volume, 'monthlyBackupsToKeep') ? volume.monthlyBackupsToKeep : 0 - weeklyBackupsToKeep: contains(volume, 'weeklyBackupsToKeep') ? volume.weeklyBackupsToKeep : 0 - backupVaultName: contains(volume, 'backupVaultName') ? volume.backupVaultName : 'vault' - backupVaultLocation: contains(volume, 'backupVaultLocation') ? volume.backupVaultLocation : '' - backupName: contains(volume, 'backupName') ? volume.backupName : 'backup' - backupLabel: contains(volume, 'backupLabel') ? volume.backupLabel : '' - snapshotName: contains(volume, 'snapshotName') ? volume.snapshotName : 'snapshot' - useExistingSnapshot: contains(volume, 'useExistingSnapshot') ? volume.useExistingSnapshot : false - volumeResourceId: contains(volume, 'volumeResourceId') ? volume.volumeResourceId : '' + coolAccess: volume.?coolAccess ?? false + coolAccessRetrievalPolicy: volume.?coolAccessRetrievalPolicy ?? 'Default' + coolnessPeriod: volume.?coolnessPeriod ?? 0 + encryptionKeySource: volume.?encryptionKeySource ?? 'Microsoft.NetApp' + keyVaultPrivateEndpointResourceId: volume.?keyVaultPrivateEndpointResourceId ?? '' + endpointType: volume.?endpointType ?? '' + remoteVolumeRegion: volume.?remoteVolumeRegion ?? '' + remoteVolumeResourceId: volume.?remoteVolumeResourceId ?? '' + replicationSchedule: volume.?replicationSchedule ?? '' + snapshotPolicyId: volume.?snapshotPolicyId ?? '' + snapshotPolicyName: volume.?snapshotPolicyName ?? 'snapshotPolicy' + snapshotPolicyLocation: volume.?snapshotPolicyLocation ?? '' + snapEnabled: volume.?snapEnabled ?? false + dailyHour: volume.?dailyHour ?? 0 + dailyMinute: volume.?dailyMinute ?? 0 + dailySnapshotsToKeep: volume.?dailySnapshotsToKeep ?? 0 + dailyUsedBytes: volume.?dailyUsedBytes ?? 0 + hourlyMinute: volume.?hourlyMinute ?? 0 + hourlySnapshotsToKeep: volume.?hourlySnapshotsToKeep ?? 0 + hourlyUsedBytes: volume.?hourlyUsedBytes ?? 0 + daysOfMonth: volume.?daysOfMonth ?? '' + monthlyHour: volume.?monthlyHour ?? 0 + monthlyMinute: volume.?monthlyMinute ?? 0 + monthlySnapshotsToKeep: volume.?monthlySnapshotsToKeep ?? 0 + monthlyUsedBytes: volume.?monthlyUsedBytes ?? 0 + weeklyDay: volume.?weeklyDay ?? '' + weeklyHour: volume.?weeklyHour ?? 0 + weeklyMinute: volume.?weeklyMinute ?? 0 + weeklySnapshotsToKeep: volume.?weeklySnapshotsToKeep ?? 0 + weeklyUsedBytes: volume.?weeklyUsedBytes ?? 0 + backupPolicyName: volume.?backupPolicyName ?? 'backupPolicy' + backupPolicyLocation: volume.?backupPolicyLocation ?? '' + dailyBackupsToKeep: volume.?dailyBackupsToKeep ?? 0 + backupEnabled: volume.?backupEnabled ?? false + monthlyBackupsToKeep: volume.?monthlyBackupsToKeep ?? 0 + weeklyBackupsToKeep: volume.?weeklyBackupsToKeep ?? 0 + backupVaultName: volume.?backupVaultName ?? 'vault' + backupVaultLocation: volume.?backupVaultLocation ?? '' + backupName: volume.?backupName ?? 'backup' + backupLabel: volume.?backupLabel ?? '' + snapshotName: volume.?snapshotName ?? 'snapshot' + useExistingSnapshot: volume.?useExistingSnapshot ?? false + volumeResourceId: volume.?volumeResourceId ?? '' + volumeType: volume.?volumeType ?? '' } } ] diff --git a/avm/res/net-app/net-app-account/capacity-pool/main.json b/avm/res/net-app/net-app-account/capacity-pool/main.json index 8492c2efec..b8ed42b918 100644 --- a/avm/res/net-app/net-app-account/capacity-pool/main.json +++ b/avm/res/net-app/net-app-account/capacity-pool/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "2003436184027921318" + "templateHash": "2991493712029822030" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -203,12 +203,12 @@ "netAppAccount": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[parameters('netAppAccountName')]" }, "capacityPool": { "type": "Microsoft.NetApp/netAppAccounts/capacityPools", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('name'))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -276,42 +276,162 @@ "serviceLevel": { "value": "[parameters('serviceLevel')]" }, - "creationToken": "[if(contains(parameters('volumes')[copyIndex()], 'creationToken'), createObject('value', parameters('volumes')[copyIndex()].creationToken), createObject('value', parameters('volumes')[copyIndex()].name))]", + "creationToken": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'creationToken'), parameters('volumes')[copyIndex()].name)]" + }, "usageThreshold": { "value": "[parameters('volumes')[copyIndex()].usageThreshold]" }, - "protocolTypes": "[if(contains(parameters('volumes')[copyIndex()], 'protocolTypes'), createObject('value', parameters('volumes')[copyIndex()].protocolTypes), createObject('value', createArray()))]", + "protocolTypes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'protocolTypes'), createArray())]" + }, "subnetResourceId": { "value": "[parameters('volumes')[copyIndex()].subnetResourceId]" }, - "exportPolicyRules": "[if(contains(parameters('volumes')[copyIndex()], 'exportPolicyRules'), createObject('value', parameters('volumes')[copyIndex()].exportPolicyRules), createObject('value', createArray()))]", - "roleAssignments": "[if(contains(parameters('volumes')[copyIndex()], 'roleAssignments'), createObject('value', parameters('volumes')[copyIndex()].roleAssignments), createObject('value', createArray()))]", + "exportPolicyRules": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'exportPolicyRules'), createArray())]" + }, + "roleAssignments": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'roleAssignments'), createArray())]" + }, "networkFeatures": { "value": "[tryGet(parameters('volumes')[copyIndex()], 'networkFeatures')]" }, "zones": { "value": "[tryGet(parameters('volumes')[copyIndex()], 'zones')]" }, - "coolAccess": "[if(contains(parameters('volumes')[copyIndex()], 'coolAccess'), createObject('value', parameters('volumes')[copyIndex()].coolAccess), createObject('value', false()))]", - "coolAccessRetrievalPolicy": "[if(contains(parameters('volumes')[copyIndex()], 'coolAccessRetrievalPolicy'), createObject('value', parameters('volumes')[copyIndex()].coolAccessRetrievalPolicy), createObject('value', 'Default'))]", - "coolnessPeriod": "[if(contains(parameters('volumes')[copyIndex()], 'coolnessPeriod'), createObject('value', parameters('volumes')[copyIndex()].coolnessPeriod), createObject('value', 0))]", - "endpointType": "[if(contains(parameters('volumes')[copyIndex()], 'endpointType'), createObject('value', parameters('volumes')[copyIndex()].endpointType), createObject('value', ''))]", - "remoteVolumeRegion": "[if(contains(parameters('volumes')[copyIndex()], 'remoteVolumeRegion'), createObject('value', parameters('volumes')[copyIndex()].remoteVolumeRegion), createObject('value', ''))]", - "remoteVolumeResourceId": "[if(contains(parameters('volumes')[copyIndex()], 'remoteVolumeResourceId'), createObject('value', parameters('volumes')[copyIndex()].remoteVolumeResourceId), createObject('value', ''))]", - "replicationSchedule": "[if(contains(parameters('volumes')[copyIndex()], 'replicationSchedule'), createObject('value', parameters('volumes')[copyIndex()].replicationSchedule), createObject('value', ''))]", - "backupPolicyName": "[if(contains(parameters('volumes')[copyIndex()], 'backupPolicyName'), createObject('value', parameters('volumes')[copyIndex()].backupPolicyName), createObject('value', 'backupPolicy'))]", - "backupPolicyLocation": "[if(contains(parameters('volumes')[copyIndex()], 'backupPolicyLocation'), createObject('value', parameters('volumes')[copyIndex()].backupPolicyLocation), createObject('value', ''))]", - "dailyBackupsToKeep": "[if(contains(parameters('volumes')[copyIndex()], 'dailyBackupsToKeep'), createObject('value', parameters('volumes')[copyIndex()].dailyBackupsToKeep), createObject('value', 0))]", - "backupEnabled": "[if(contains(parameters('volumes')[copyIndex()], 'backupEnabled'), createObject('value', parameters('volumes')[copyIndex()].backupEnabled), createObject('value', false()))]", - "monthlyBackupsToKeep": "[if(contains(parameters('volumes')[copyIndex()], 'monthlyBackupsToKeep'), createObject('value', parameters('volumes')[copyIndex()].monthlyBackupsToKeep), createObject('value', 0))]", - "weeklyBackupsToKeep": "[if(contains(parameters('volumes')[copyIndex()], 'weeklyBackupsToKeep'), createObject('value', parameters('volumes')[copyIndex()].weeklyBackupsToKeep), createObject('value', 0))]", - "backupVaultName": "[if(contains(parameters('volumes')[copyIndex()], 'backupVaultName'), createObject('value', parameters('volumes')[copyIndex()].backupVaultName), createObject('value', 'vault'))]", - "backupVaultLocation": "[if(contains(parameters('volumes')[copyIndex()], 'backupVaultLocation'), createObject('value', parameters('volumes')[copyIndex()].backupVaultLocation), createObject('value', ''))]", - "backupName": "[if(contains(parameters('volumes')[copyIndex()], 'backupName'), createObject('value', parameters('volumes')[copyIndex()].backupName), createObject('value', 'backup'))]", - "backupLabel": "[if(contains(parameters('volumes')[copyIndex()], 'backupLabel'), createObject('value', parameters('volumes')[copyIndex()].backupLabel), createObject('value', ''))]", - "snapshotName": "[if(contains(parameters('volumes')[copyIndex()], 'snapshotName'), createObject('value', parameters('volumes')[copyIndex()].snapshotName), createObject('value', 'snapshot'))]", - "useExistingSnapshot": "[if(contains(parameters('volumes')[copyIndex()], 'useExistingSnapshot'), createObject('value', parameters('volumes')[copyIndex()].useExistingSnapshot), createObject('value', false()))]", - "volumeResourceId": "[if(contains(parameters('volumes')[copyIndex()], 'volumeResourceId'), createObject('value', parameters('volumes')[copyIndex()].volumeResourceId), createObject('value', ''))]" + "coolAccess": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'coolAccess'), false())]" + }, + "coolAccessRetrievalPolicy": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'coolAccessRetrievalPolicy'), 'Default')]" + }, + "coolnessPeriod": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'coolnessPeriod'), 0)]" + }, + "encryptionKeySource": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'encryptionKeySource'), 'Microsoft.NetApp')]" + }, + "keyVaultPrivateEndpointResourceId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'keyVaultPrivateEndpointResourceId'), '')]" + }, + "endpointType": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'endpointType'), '')]" + }, + "remoteVolumeRegion": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'remoteVolumeRegion'), '')]" + }, + "remoteVolumeResourceId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'remoteVolumeResourceId'), '')]" + }, + "replicationSchedule": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'replicationSchedule'), '')]" + }, + "snapshotPolicyId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotPolicyId'), '')]" + }, + "snapshotPolicyName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotPolicyName'), 'snapshotPolicy')]" + }, + "snapshotPolicyLocation": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotPolicyLocation'), '')]" + }, + "snapEnabled": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapEnabled'), false())]" + }, + "dailyHour": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyHour'), 0)]" + }, + "dailyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyMinute'), 0)]" + }, + "dailySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailySnapshotsToKeep'), 0)]" + }, + "dailyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyUsedBytes'), 0)]" + }, + "hourlyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'hourlyMinute'), 0)]" + }, + "hourlySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'hourlySnapshotsToKeep'), 0)]" + }, + "hourlyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'hourlyUsedBytes'), 0)]" + }, + "daysOfMonth": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'daysOfMonth'), '')]" + }, + "monthlyHour": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyHour'), 0)]" + }, + "monthlyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyMinute'), 0)]" + }, + "monthlySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlySnapshotsToKeep'), 0)]" + }, + "monthlyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyUsedBytes'), 0)]" + }, + "weeklyDay": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyDay'), '')]" + }, + "weeklyHour": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyHour'), 0)]" + }, + "weeklyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyMinute'), 0)]" + }, + "weeklySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklySnapshotsToKeep'), 0)]" + }, + "weeklyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyUsedBytes'), 0)]" + }, + "backupPolicyName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupPolicyName'), 'backupPolicy')]" + }, + "backupPolicyLocation": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupPolicyLocation'), '')]" + }, + "dailyBackupsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyBackupsToKeep'), 0)]" + }, + "backupEnabled": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupEnabled'), false())]" + }, + "monthlyBackupsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyBackupsToKeep'), 0)]" + }, + "weeklyBackupsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyBackupsToKeep'), 0)]" + }, + "backupVaultName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupVaultName'), 'vault')]" + }, + "backupVaultLocation": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupVaultLocation'), '')]" + }, + "backupName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupName'), 'backup')]" + }, + "backupLabel": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupLabel'), '')]" + }, + "snapshotName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotName'), 'snapshot')]" + }, + "useExistingSnapshot": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'useExistingSnapshot'), false())]" + }, + "volumeResourceId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'volumeResourceId'), '')]" + }, + "volumeType": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'volumeType'), '')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -321,7 +441,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "1599719170493782479" + "templateHash": "6870432140728658293" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -434,6 +554,18 @@ "description": "Optional. determines the data retrieval behavior from the cool tier to standard storage based on the read pattern for cool access enabled volumes (Default/Never/Read)." } }, + "encryptionKeySource": { + "type": "string", + "metadata": { + "description": "Optional. The source of the encryption key." + } + }, + "keyVaultPrivateEndpointResourceId": { + "type": "string", + "metadata": { + "description": "Optional. The resource ID of the key vault private endpoint." + } + }, "endpointType": { "type": "string", "metadata": { @@ -535,12 +667,146 @@ "description": "Optional. The name of the snapshot." } }, + "snapshotPolicyId": { + "type": "string", + "metadata": { + "description": "Optional. Snapshot Policy ResourceId." + } + }, + "snapshotPolicyName": { + "type": "string", + "metadata": { + "description": "Optional. The name of the snapshot policy." + } + }, + "snapshotPolicyLocation": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location of the snapshot policy." + } + }, + "dailyHour": { + "type": "int", + "metadata": { + "description": "Optional. The daily snapshot hour." + } + }, + "dailyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The daily snapshot minute." + } + }, + "dailySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Daily snapshot count to keep." + } + }, + "dailyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Daily snapshot used bytes." + } + }, + "hourlyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The hourly snapshot minute." + } + }, + "hourlySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Hourly snapshot count to keep." + } + }, + "hourlyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Hourly snapshot used bytes." + } + }, + "daysOfMonth": { + "type": "string", + "metadata": { + "description": "Optional. The monthly snapshot day." + } + }, + "monthlyHour": { + "type": "int", + "metadata": { + "description": "Optional. The monthly snapshot hour." + } + }, + "monthlyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The monthly snapshot minute." + } + }, + "monthlySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Monthly snapshot count to keep." + } + }, + "monthlyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Monthly snapshot used bytes." + } + }, + "weeklyDay": { + "type": "string", + "metadata": { + "description": "Optional. The weekly snapshot day." + } + }, + "weeklyHour": { + "type": "int", + "metadata": { + "description": "Optional. The weekly snapshot hour." + } + }, + "weeklyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The weekly snapshot minute." + } + }, + "weeklySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Weekly snapshot count to keep." + } + }, + "weeklyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Weekly snapshot used bytes." + } + }, + "snapEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether the snapshot policy is enabled." + } + }, "volumeResourceId": { "type": "string", "metadata": { "description": "Optional. The resource ID of the volume." } }, + "volumeType": { + "type": "string", + "metadata": { + "description": "Optional. The type of the volume. DataProtection volumes are used for replication." + } + }, "name": { "type": "string", "metadata": { @@ -649,7 +915,7 @@ "netAppAccount::capacityPool": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts/capacityPools", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('capacityPoolName'))]", "dependsOn": [ "netAppAccount" @@ -658,24 +924,62 @@ "netAppAccount": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[parameters('netAppAccountName')]" }, "volume": { "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('capacityPoolName'), parameters('name'))]", "location": "[parameters('location')]", - "properties": "[shallowMerge(createArray(createObject('coolAccess', parameters('coolAccess'), 'coolAccessRetrievalPolicy', parameters('coolAccessRetrievalPolicy'), 'coolnessPeriod', parameters('coolnessPeriod')), if(not(equals(parameters('endpointType'), '')), createObject('dataProtection', createObject('replication', createObject('endpointType', parameters('endpointType'), 'remoteVolumeRegion', parameters('remoteVolumeRegion'), 'remoteVolumeResourceId', parameters('remoteVolumeResourceId'), 'replicationSchedule', parameters('replicationSchedule')))), createObject()), createObject('networkFeatures', parameters('networkFeatures'), 'serviceLevel', parameters('serviceLevel'), 'creationToken', parameters('creationToken'), 'usageThreshold', parameters('usageThreshold'), 'protocolTypes', parameters('protocolTypes'), 'subnetId', parameters('subnetResourceId'), 'exportPolicy', if(not(empty(parameters('exportPolicyRules'))), createObject('rules', parameters('exportPolicyRules')), null()))))]", + "properties": "[shallowMerge(createArray(createObject('coolAccess', parameters('coolAccess'), 'coolAccessRetrievalPolicy', parameters('coolAccessRetrievalPolicy'), 'coolnessPeriod', parameters('coolnessPeriod'), 'encryptionKeySource', parameters('encryptionKeySource')), if(not(equals(parameters('encryptionKeySource'), 'Microsoft.NetApp')), createObject('keyVaultPrivateEndpointResourceId', parameters('keyVaultPrivateEndpointResourceId')), createObject()), if(not(equals(parameters('volumeType'), '')), createObject('volumeType', parameters('volumeType'), 'dataProtection', createObject('replication', createObject('endpointType', parameters('endpointType'), 'remoteVolumeRegion', parameters('remoteVolumeRegion'), 'remoteVolumeResourceId', parameters('remoteVolumeResourceId'), 'replicationSchedule', parameters('replicationSchedule')), 'snapshot', createObject('snapshotPolicyId', parameters('snapshotPolicyId')))), createObject()), createObject('networkFeatures', parameters('networkFeatures'), 'serviceLevel', parameters('serviceLevel'), 'creationToken', parameters('creationToken'), 'usageThreshold', parameters('usageThreshold'), 'protocolTypes', parameters('protocolTypes'), 'subnetId', parameters('subnetResourceId'), 'exportPolicy', if(not(empty(parameters('exportPolicyRules'))), createObject('rules', parameters('exportPolicyRules')), null()))))]", "zones": "[parameters('zones')]", "dependsOn": [ "netAppAccount::capacityPool" ] }, + "snapshotPolicies": { + "condition": "[parameters('snapEnabled')]", + "type": "Microsoft.NetApp/netAppAccounts/snapshotPolicies", + "apiVersion": "2024-03-01", + "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('snapshotPolicyName'))]", + "location": "[parameters('snapshotPolicyLocation')]", + "properties": { + "enabled": "[parameters('snapEnabled')]", + "dailySchedule": { + "hour": "[parameters('dailyHour')]", + "minute": "[parameters('dailyMinute')]", + "snapshotsToKeep": "[parameters('dailySnapshotsToKeep')]", + "usedBytes": "[parameters('dailyUsedBytes')]" + }, + "hourlySchedule": { + "minute": "[parameters('hourlyMinute')]", + "snapshotsToKeep": "[parameters('hourlySnapshotsToKeep')]", + "usedBytes": "[parameters('hourlyUsedBytes')]" + }, + "monthlySchedule": { + "daysOfMonth": "[parameters('daysOfMonth')]", + "hour": "[parameters('monthlyHour')]", + "minute": "[parameters('monthlyMinute')]", + "snapshotsToKeep": "[parameters('monthlySnapshotsToKeep')]", + "usedBytes": "[parameters('monthlyUsedBytes')]" + }, + "weeklySchedule": { + "day": "[parameters('weeklyDay')]", + "hour": "[parameters('weeklyHour')]", + "minute": "[parameters('weeklyMinute')]", + "snapshotsToKeep": "[parameters('weeklySnapshotsToKeep')]", + "usedBytes": "[parameters('weeklyUsedBytes')]" + } + }, + "dependsOn": [ + "netAppAccount" + ] + }, "backupPolicies": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupPolicies", - "apiVersion": "2023-11-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('backupPolicyName'))]", "location": "[parameters('backupPolicyLocation')]", "properties": { @@ -691,7 +995,7 @@ "backupVaults": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupVaults", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('backupVaultName'))]", "location": "[parameters('backupVaultLocation')]", "properties": {}, @@ -702,7 +1006,7 @@ "backups": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupVaults/backups", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('backupVaultName'), parameters('backupName'))]", "properties": "[if(parameters('backupEnabled'), createObject('label', parameters('backupLabel'), 'snapshotName', parameters('snapshotName'), 'useExistingSnapshot', parameters('useExistingSnapshot'), 'volumeResourceId', parameters('volumeResourceId')), createObject())]", "dependsOn": [ @@ -759,7 +1063,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('volume', '2023-07-01', 'full').location]" + "value": "[reference('volume', '2024-03-01', 'full').location]" } } } @@ -797,7 +1101,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('capacityPool', '2023-07-01', 'full').location]" + "value": "[reference('capacityPool', '2024-03-01', 'full').location]" }, "volumeResourceId": { "type": "string", diff --git a/avm/res/net-app/net-app-account/capacity-pool/volume/README.md b/avm/res/net-app/net-app-account/capacity-pool/volume/README.md index f5ba93a63e..f5bd8baafa 100644 --- a/avm/res/net-app/net-app-account/capacity-pool/volume/README.md +++ b/avm/res/net-app/net-app-account/capacity-pool/volume/README.md @@ -15,10 +15,11 @@ This module deploys an Azure NetApp Files Capacity Pool Volume. | Resource Type | API Version | | :-- | :-- | | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) | -| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-11-01/netAppAccounts/backupPolicies) | -| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults) | -| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults/backups) | -| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools/volumes) | +| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupPolicies) | +| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupVaults) | +| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/backupVaults/backups) | +| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/capacityPools/volumes) | +| `Microsoft.NetApp/netAppAccounts/snapshotPolicies` | [2024-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2024-03-01/netAppAccounts/snapshotPolicies) | ## Parameters @@ -53,10 +54,24 @@ This module deploys an Azure NetApp Files Capacity Pool Volume. | [`coolnessPeriod`](#parameter-coolnessperiod) | int | Specifies the number of days after which data that is not accessed by clients will be tiered. | | [`creationToken`](#parameter-creationtoken) | string | A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. | | [`dailyBackupsToKeep`](#parameter-dailybackupstokeep) | int | The daily backups to keep. | +| [`dailyHour`](#parameter-dailyhour) | int | The daily snapshot hour. | +| [`dailyMinute`](#parameter-dailyminute) | int | The daily snapshot minute. | +| [`dailySnapshotsToKeep`](#parameter-dailysnapshotstokeep) | int | Daily snapshot count to keep. | +| [`dailyUsedBytes`](#parameter-dailyusedbytes) | int | Daily snapshot used bytes. | +| [`daysOfMonth`](#parameter-daysofmonth) | string | The monthly snapshot day. | +| [`encryptionKeySource`](#parameter-encryptionkeysource) | string | The source of the encryption key. | | [`endpointType`](#parameter-endpointtype) | string | Indicates whether the local volume is the source or destination for the Volume Replication (src/dst). | | [`exportPolicyRules`](#parameter-exportpolicyrules) | array | Export policy rules. | +| [`hourlyMinute`](#parameter-hourlyminute) | int | The hourly snapshot minute. | +| [`hourlySnapshotsToKeep`](#parameter-hourlysnapshotstokeep) | int | Hourly snapshot count to keep. | +| [`hourlyUsedBytes`](#parameter-hourlyusedbytes) | int | Hourly snapshot used bytes. | +| [`keyVaultPrivateEndpointResourceId`](#parameter-keyvaultprivateendpointresourceid) | string | The resource ID of the key vault private endpoint. | | [`location`](#parameter-location) | string | Location of the pool volume. | | [`monthlyBackupsToKeep`](#parameter-monthlybackupstokeep) | int | The monthly backups to keep. | +| [`monthlyHour`](#parameter-monthlyhour) | int | The monthly snapshot hour. | +| [`monthlyMinute`](#parameter-monthlyminute) | int | The monthly snapshot minute. | +| [`monthlySnapshotsToKeep`](#parameter-monthlysnapshotstokeep) | int | Monthly snapshot count to keep. | +| [`monthlyUsedBytes`](#parameter-monthlyusedbytes) | int | Monthly snapshot used bytes. | | [`networkFeatures`](#parameter-networkfeatures) | string | Network feature for the volume. | | [`protocolTypes`](#parameter-protocoltypes) | array | Set of protocol types. | | [`remoteVolumeRegion`](#parameter-remotevolumeregion) | string | The remote region for the other end of the Volume Replication. | @@ -64,10 +79,20 @@ This module deploys an Azure NetApp Files Capacity Pool Volume. | [`replicationSchedule`](#parameter-replicationschedule) | string | The replication schedule for the volume. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`serviceLevel`](#parameter-servicelevel) | string | The pool service level. Must match the one of the parent capacity pool. | +| [`snapEnabled`](#parameter-snapenabled) | bool | Indicates whether the snapshot policy is enabled. | | [`snapshotName`](#parameter-snapshotname) | string | The name of the snapshot. | +| [`snapshotPolicyId`](#parameter-snapshotpolicyid) | string | Snapshot Policy ResourceId. | +| [`snapshotPolicyLocation`](#parameter-snapshotpolicylocation) | string | The location of the snapshot policy. | +| [`snapshotPolicyName`](#parameter-snapshotpolicyname) | string | The name of the snapshot policy. | | [`useExistingSnapshot`](#parameter-useexistingsnapshot) | bool | Indicates whether to use an existing snapshot. | | [`volumeResourceId`](#parameter-volumeresourceid) | string | The resource ID of the volume. | +| [`volumeType`](#parameter-volumetype) | string | The type of the volume. DataProtection volumes are used for replication. | | [`weeklyBackupsToKeep`](#parameter-weeklybackupstokeep) | int | The weekly backups to keep. | +| [`weeklyDay`](#parameter-weeklyday) | string | The weekly snapshot day. | +| [`weeklyHour`](#parameter-weeklyhour) | int | The weekly snapshot hour. | +| [`weeklyMinute`](#parameter-weeklyminute) | int | The weekly snapshot minute. | +| [`weeklySnapshotsToKeep`](#parameter-weeklysnapshotstokeep) | int | Weekly snapshot count to keep. | +| [`weeklyUsedBytes`](#parameter-weeklyusedbytes) | int | Weekly snapshot used bytes. | | [`zones`](#parameter-zones) | array | Zone where the volume will be placed. | ### Parameter: `name` @@ -196,6 +221,48 @@ The daily backups to keep. - Required: Yes - Type: int +### Parameter: `dailyHour` + +The daily snapshot hour. + +- Required: Yes +- Type: int + +### Parameter: `dailyMinute` + +The daily snapshot minute. + +- Required: Yes +- Type: int + +### Parameter: `dailySnapshotsToKeep` + +Daily snapshot count to keep. + +- Required: Yes +- Type: int + +### Parameter: `dailyUsedBytes` + +Daily snapshot used bytes. + +- Required: Yes +- Type: int + +### Parameter: `daysOfMonth` + +The monthly snapshot day. + +- Required: Yes +- Type: string + +### Parameter: `encryptionKeySource` + +The source of the encryption key. + +- Required: Yes +- Type: string + ### Parameter: `endpointType` Indicates whether the local volume is the source or destination for the Volume Replication (src/dst). @@ -211,6 +278,34 @@ Export policy rules. - Type: array - Default: `[]` +### Parameter: `hourlyMinute` + +The hourly snapshot minute. + +- Required: Yes +- Type: int + +### Parameter: `hourlySnapshotsToKeep` + +Hourly snapshot count to keep. + +- Required: Yes +- Type: int + +### Parameter: `hourlyUsedBytes` + +Hourly snapshot used bytes. + +- Required: Yes +- Type: int + +### Parameter: `keyVaultPrivateEndpointResourceId` + +The resource ID of the key vault private endpoint. + +- Required: Yes +- Type: string + ### Parameter: `location` Location of the pool volume. @@ -226,6 +321,34 @@ The monthly backups to keep. - Required: Yes - Type: int +### Parameter: `monthlyHour` + +The monthly snapshot hour. + +- Required: Yes +- Type: int + +### Parameter: `monthlyMinute` + +The monthly snapshot minute. + +- Required: Yes +- Type: int + +### Parameter: `monthlySnapshotsToKeep` + +Monthly snapshot count to keep. + +- Required: Yes +- Type: int + +### Parameter: `monthlyUsedBytes` + +Monthly snapshot used bytes. + +- Required: Yes +- Type: int + ### Parameter: `networkFeatures` Network feature for the volume. @@ -386,6 +509,14 @@ The pool service level. Must match the one of the parent capacity pool. ] ``` +### Parameter: `snapEnabled` + +Indicates whether the snapshot policy is enabled. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `snapshotName` The name of the snapshot. @@ -393,6 +524,28 @@ The name of the snapshot. - Required: Yes - Type: string +### Parameter: `snapshotPolicyId` + +Snapshot Policy ResourceId. + +- Required: Yes +- Type: string + +### Parameter: `snapshotPolicyLocation` + +The location of the snapshot policy. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + +### Parameter: `snapshotPolicyName` + +The name of the snapshot policy. + +- Required: Yes +- Type: string + ### Parameter: `useExistingSnapshot` Indicates whether to use an existing snapshot. @@ -407,6 +560,13 @@ The resource ID of the volume. - Required: Yes - Type: string +### Parameter: `volumeType` + +The type of the volume. DataProtection volumes are used for replication. + +- Required: Yes +- Type: string + ### Parameter: `weeklyBackupsToKeep` The weekly backups to keep. @@ -414,6 +574,41 @@ The weekly backups to keep. - Required: Yes - Type: int +### Parameter: `weeklyDay` + +The weekly snapshot day. + +- Required: Yes +- Type: string + +### Parameter: `weeklyHour` + +The weekly snapshot hour. + +- Required: Yes +- Type: int + +### Parameter: `weeklyMinute` + +The weekly snapshot minute. + +- Required: Yes +- Type: int + +### Parameter: `weeklySnapshotsToKeep` + +Weekly snapshot count to keep. + +- Required: Yes +- Type: int + +### Parameter: `weeklyUsedBytes` + +Weekly snapshot used bytes. + +- Required: Yes +- Type: int + ### Parameter: `zones` Zone where the volume will be placed. diff --git a/avm/res/net-app/net-app-account/capacity-pool/volume/main.bicep b/avm/res/net-app/net-app-account/capacity-pool/volume/main.bicep index 41edd755c8..b9b26d20bf 100644 --- a/avm/res/net-app/net-app-account/capacity-pool/volume/main.bicep +++ b/avm/res/net-app/net-app-account/capacity-pool/volume/main.bicep @@ -17,6 +17,12 @@ param coolnessPeriod int @description('Optional. determines the data retrieval behavior from the cool tier to standard storage based on the read pattern for cool access enabled volumes (Default/Never/Read).') param coolAccessRetrievalPolicy string = 'Default' +@description('Optional. The source of the encryption key.') +param encryptionKeySource string + +@description('Optional. The resource ID of the key vault private endpoint.') +param keyVaultPrivateEndpointResourceId string + @description('Optional. Indicates whether the local volume is the source or destination for the Volume Replication (src/dst).') param endpointType string @@ -65,9 +71,75 @@ param useExistingSnapshot bool @description('Optional. The name of the snapshot.') param snapshotName string +@description('Optional. Snapshot Policy ResourceId.') +param snapshotPolicyId string + +@description('Optional. The name of the snapshot policy.') +param snapshotPolicyName string + +@description('Optional. The location of the snapshot policy.') +param snapshotPolicyLocation string = resourceGroup().location + +@description('Optional. The daily snapshot hour.') +param dailyHour int + +@description('Optional. The daily snapshot minute.') +param dailyMinute int + +@description('Optional. Daily snapshot count to keep.') +param dailySnapshotsToKeep int + +@description('Optional. Daily snapshot used bytes.') +param dailyUsedBytes int + +@description('Optional. The hourly snapshot minute.') +param hourlyMinute int + +@description('Optional. Hourly snapshot count to keep.') +param hourlySnapshotsToKeep int + +@description('Optional. Hourly snapshot used bytes.') +param hourlyUsedBytes int + +@description('Optional. The monthly snapshot day.') +param daysOfMonth string + +@description('Optional. The monthly snapshot hour.') +param monthlyHour int + +@description('Optional. The monthly snapshot minute.') +param monthlyMinute int + +@description('Optional. Monthly snapshot count to keep.') +param monthlySnapshotsToKeep int + +@description('Optional. Monthly snapshot used bytes.') +param monthlyUsedBytes int + +@description('Optional. The weekly snapshot day.') +param weeklyDay string + +@description('Optional. The weekly snapshot hour.') +param weeklyHour int + +@description('Optional. The weekly snapshot minute.') +param weeklyMinute int + +@description('Optional. Weekly snapshot count to keep.') +param weeklySnapshotsToKeep int + +@description('Optional. Weekly snapshot used bytes.') +param weeklyUsedBytes int + +@description('Optional. Indicates whether the snapshot policy is enabled.') +param snapEnabled bool = false + @description('Optional. The resource ID of the volume.') param volumeResourceId string +@description('Optional. The type of the volume. DataProtection volumes are used for replication.') +param volumeType string + @description('Required. The name of the pool volume.') param name string @@ -138,15 +210,15 @@ var formattedRoleAssignments = [ }) ] -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2023-07-01' existing = { +resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2024-03-01' existing = { name: netAppAccountName - resource capacityPool 'capacityPools@2023-07-01' existing = { + resource capacityPool 'capacityPools@2024-03-01' existing = { name: capacityPoolName } } -resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2023-07-01' = { +resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2024-03-01' = { name: name parent: netAppAccount::capacityPool location: location @@ -154,8 +226,15 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2023-07-0 coolAccess: coolAccess coolAccessRetrievalPolicy: coolAccessRetrievalPolicy coolnessPeriod: coolnessPeriod - ...(endpointType != '' + encryptionKeySource: encryptionKeySource + ...(encryptionKeySource != 'Microsoft.NetApp' ? { + keyVaultPrivateEndpointResourceId: keyVaultPrivateEndpointResourceId + } + : {}) + ...(volumeType != '' + ? { + volumeType: volumeType dataProtection: { replication: { endpointType: endpointType @@ -163,6 +242,9 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2023-07-0 remoteVolumeResourceId: remoteVolumeResourceId replicationSchedule: replicationSchedule } + snapshot: { + snapshotPolicyId: snapshotPolicyId + } } } : {}) @@ -181,7 +263,41 @@ resource volume 'Microsoft.NetApp/netAppAccounts/capacityPools/volumes@2023-07-0 zones: zones } -resource backupPolicies 'Microsoft.NetApp/netAppAccounts/backupPolicies@2023-11-01' = if (backupEnabled) { +resource snapshotPolicies 'Microsoft.NetApp/netAppAccounts/snapshotPolicies@2024-03-01' = if (snapEnabled) { + name: snapshotPolicyName + parent: netAppAccount + location: snapshotPolicyLocation + properties: { + enabled: snapEnabled + dailySchedule: { + hour: dailyHour + minute: dailyMinute + snapshotsToKeep: dailySnapshotsToKeep + usedBytes: dailyUsedBytes + } + hourlySchedule: { + minute: hourlyMinute + snapshotsToKeep: hourlySnapshotsToKeep + usedBytes: hourlyUsedBytes + } + monthlySchedule: { + daysOfMonth: daysOfMonth + hour: monthlyHour + minute: monthlyMinute + snapshotsToKeep: monthlySnapshotsToKeep + usedBytes: monthlyUsedBytes + } + weeklySchedule: { + day: weeklyDay + hour: weeklyHour + minute: weeklyMinute + snapshotsToKeep: weeklySnapshotsToKeep + usedBytes: weeklyUsedBytes + } + } +} + +resource backupPolicies 'Microsoft.NetApp/netAppAccounts/backupPolicies@2024-03-01' = if (backupEnabled) { name: backupPolicyName parent: netAppAccount location: backupPolicyLocation @@ -193,14 +309,14 @@ resource backupPolicies 'Microsoft.NetApp/netAppAccounts/backupPolicies@2023-11- } } -resource backupVaults 'Microsoft.NetApp/netAppAccounts/backupVaults@2023-05-01-preview' = if (backupEnabled) { +resource backupVaults 'Microsoft.NetApp/netAppAccounts/backupVaults@2024-03-01' = if (backupEnabled) { name: backupVaultName parent: netAppAccount location: backupVaultLocation properties: {} } -resource backups 'Microsoft.NetApp/netAppAccounts/backupVaults/backups@2023-05-01-preview' = if (backupEnabled) { +resource backups 'Microsoft.NetApp/netAppAccounts/backupVaults/backups@2024-03-01' = if (backupEnabled) { name: backupName parent: backupVaults properties: backupEnabled diff --git a/avm/res/net-app/net-app-account/capacity-pool/volume/main.json b/avm/res/net-app/net-app-account/capacity-pool/volume/main.json index 0954623999..968ee1993c 100644 --- a/avm/res/net-app/net-app-account/capacity-pool/volume/main.json +++ b/avm/res/net-app/net-app-account/capacity-pool/volume/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "1599719170493782479" + "templateHash": "6870432140728658293" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -119,6 +119,18 @@ "description": "Optional. determines the data retrieval behavior from the cool tier to standard storage based on the read pattern for cool access enabled volumes (Default/Never/Read)." } }, + "encryptionKeySource": { + "type": "string", + "metadata": { + "description": "Optional. The source of the encryption key." + } + }, + "keyVaultPrivateEndpointResourceId": { + "type": "string", + "metadata": { + "description": "Optional. The resource ID of the key vault private endpoint." + } + }, "endpointType": { "type": "string", "metadata": { @@ -220,12 +232,146 @@ "description": "Optional. The name of the snapshot." } }, + "snapshotPolicyId": { + "type": "string", + "metadata": { + "description": "Optional. Snapshot Policy ResourceId." + } + }, + "snapshotPolicyName": { + "type": "string", + "metadata": { + "description": "Optional. The name of the snapshot policy." + } + }, + "snapshotPolicyLocation": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location of the snapshot policy." + } + }, + "dailyHour": { + "type": "int", + "metadata": { + "description": "Optional. The daily snapshot hour." + } + }, + "dailyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The daily snapshot minute." + } + }, + "dailySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Daily snapshot count to keep." + } + }, + "dailyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Daily snapshot used bytes." + } + }, + "hourlyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The hourly snapshot minute." + } + }, + "hourlySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Hourly snapshot count to keep." + } + }, + "hourlyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Hourly snapshot used bytes." + } + }, + "daysOfMonth": { + "type": "string", + "metadata": { + "description": "Optional. The monthly snapshot day." + } + }, + "monthlyHour": { + "type": "int", + "metadata": { + "description": "Optional. The monthly snapshot hour." + } + }, + "monthlyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The monthly snapshot minute." + } + }, + "monthlySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Monthly snapshot count to keep." + } + }, + "monthlyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Monthly snapshot used bytes." + } + }, + "weeklyDay": { + "type": "string", + "metadata": { + "description": "Optional. The weekly snapshot day." + } + }, + "weeklyHour": { + "type": "int", + "metadata": { + "description": "Optional. The weekly snapshot hour." + } + }, + "weeklyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The weekly snapshot minute." + } + }, + "weeklySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Weekly snapshot count to keep." + } + }, + "weeklyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Weekly snapshot used bytes." + } + }, + "snapEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether the snapshot policy is enabled." + } + }, "volumeResourceId": { "type": "string", "metadata": { "description": "Optional. The resource ID of the volume." } }, + "volumeType": { + "type": "string", + "metadata": { + "description": "Optional. The type of the volume. DataProtection volumes are used for replication." + } + }, "name": { "type": "string", "metadata": { @@ -334,7 +480,7 @@ "netAppAccount::capacityPool": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts/capacityPools", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('capacityPoolName'))]", "dependsOn": [ "netAppAccount" @@ -343,24 +489,62 @@ "netAppAccount": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[parameters('netAppAccountName')]" }, "volume": { "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('capacityPoolName'), parameters('name'))]", "location": "[parameters('location')]", - "properties": "[shallowMerge(createArray(createObject('coolAccess', parameters('coolAccess'), 'coolAccessRetrievalPolicy', parameters('coolAccessRetrievalPolicy'), 'coolnessPeriod', parameters('coolnessPeriod')), if(not(equals(parameters('endpointType'), '')), createObject('dataProtection', createObject('replication', createObject('endpointType', parameters('endpointType'), 'remoteVolumeRegion', parameters('remoteVolumeRegion'), 'remoteVolumeResourceId', parameters('remoteVolumeResourceId'), 'replicationSchedule', parameters('replicationSchedule')))), createObject()), createObject('networkFeatures', parameters('networkFeatures'), 'serviceLevel', parameters('serviceLevel'), 'creationToken', parameters('creationToken'), 'usageThreshold', parameters('usageThreshold'), 'protocolTypes', parameters('protocolTypes'), 'subnetId', parameters('subnetResourceId'), 'exportPolicy', if(not(empty(parameters('exportPolicyRules'))), createObject('rules', parameters('exportPolicyRules')), null()))))]", + "properties": "[shallowMerge(createArray(createObject('coolAccess', parameters('coolAccess'), 'coolAccessRetrievalPolicy', parameters('coolAccessRetrievalPolicy'), 'coolnessPeriod', parameters('coolnessPeriod'), 'encryptionKeySource', parameters('encryptionKeySource')), if(not(equals(parameters('encryptionKeySource'), 'Microsoft.NetApp')), createObject('keyVaultPrivateEndpointResourceId', parameters('keyVaultPrivateEndpointResourceId')), createObject()), if(not(equals(parameters('volumeType'), '')), createObject('volumeType', parameters('volumeType'), 'dataProtection', createObject('replication', createObject('endpointType', parameters('endpointType'), 'remoteVolumeRegion', parameters('remoteVolumeRegion'), 'remoteVolumeResourceId', parameters('remoteVolumeResourceId'), 'replicationSchedule', parameters('replicationSchedule')), 'snapshot', createObject('snapshotPolicyId', parameters('snapshotPolicyId')))), createObject()), createObject('networkFeatures', parameters('networkFeatures'), 'serviceLevel', parameters('serviceLevel'), 'creationToken', parameters('creationToken'), 'usageThreshold', parameters('usageThreshold'), 'protocolTypes', parameters('protocolTypes'), 'subnetId', parameters('subnetResourceId'), 'exportPolicy', if(not(empty(parameters('exportPolicyRules'))), createObject('rules', parameters('exportPolicyRules')), null()))))]", "zones": "[parameters('zones')]", "dependsOn": [ "netAppAccount::capacityPool" ] }, + "snapshotPolicies": { + "condition": "[parameters('snapEnabled')]", + "type": "Microsoft.NetApp/netAppAccounts/snapshotPolicies", + "apiVersion": "2024-03-01", + "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('snapshotPolicyName'))]", + "location": "[parameters('snapshotPolicyLocation')]", + "properties": { + "enabled": "[parameters('snapEnabled')]", + "dailySchedule": { + "hour": "[parameters('dailyHour')]", + "minute": "[parameters('dailyMinute')]", + "snapshotsToKeep": "[parameters('dailySnapshotsToKeep')]", + "usedBytes": "[parameters('dailyUsedBytes')]" + }, + "hourlySchedule": { + "minute": "[parameters('hourlyMinute')]", + "snapshotsToKeep": "[parameters('hourlySnapshotsToKeep')]", + "usedBytes": "[parameters('hourlyUsedBytes')]" + }, + "monthlySchedule": { + "daysOfMonth": "[parameters('daysOfMonth')]", + "hour": "[parameters('monthlyHour')]", + "minute": "[parameters('monthlyMinute')]", + "snapshotsToKeep": "[parameters('monthlySnapshotsToKeep')]", + "usedBytes": "[parameters('monthlyUsedBytes')]" + }, + "weeklySchedule": { + "day": "[parameters('weeklyDay')]", + "hour": "[parameters('weeklyHour')]", + "minute": "[parameters('weeklyMinute')]", + "snapshotsToKeep": "[parameters('weeklySnapshotsToKeep')]", + "usedBytes": "[parameters('weeklyUsedBytes')]" + } + }, + "dependsOn": [ + "netAppAccount" + ] + }, "backupPolicies": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupPolicies", - "apiVersion": "2023-11-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('backupPolicyName'))]", "location": "[parameters('backupPolicyLocation')]", "properties": { @@ -376,7 +560,7 @@ "backupVaults": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupVaults", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('backupVaultName'))]", "location": "[parameters('backupVaultLocation')]", "properties": {}, @@ -387,7 +571,7 @@ "backups": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupVaults/backups", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('backupVaultName'), parameters('backupName'))]", "properties": "[if(parameters('backupEnabled'), createObject('label', parameters('backupLabel'), 'snapshotName', parameters('snapshotName'), 'useExistingSnapshot', parameters('useExistingSnapshot'), 'volumeResourceId', parameters('volumeResourceId')), createObject())]", "dependsOn": [ @@ -444,7 +628,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('volume', '2023-07-01', 'full').location]" + "value": "[reference('volume', '2024-03-01', 'full').location]" } } } \ No newline at end of file diff --git a/avm/res/net-app/net-app-account/main.bicep b/avm/res/net-app/net-app-account/main.bicep index 2fcc14dd69..4f00ec4c93 100644 --- a/avm/res/net-app/net-app-account/main.bicep +++ b/avm/res/net-app/net-app-account/main.bicep @@ -124,8 +124,8 @@ var formattedRoleAssignments = [ : subscriptionResourceId('Microsoft.Authorization/roleDefinitions', roleAssignment.roleDefinitionIdOrName)) }) ] - #disable-next-line no-deployments-resources + resource avmTelemetry 'Microsoft.Resources/deployments@2023-07-01' = if (enableTelemetry) { name: '46d3xbcp.res.netapp-netappaccount.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { @@ -164,7 +164,7 @@ resource cMKUserAssignedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentiti ) } -resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2023-07-01' = { +resource netAppAccount 'Microsoft.NetApp/netAppAccounts@2024-03-01' = { name: name tags: tags identity: identity @@ -224,12 +224,12 @@ module netAppAccount_capacityPools 'capacity-pool/main.bicep' = [ name: capacityPool.name location: location size: capacityPool.size - serviceLevel: contains(capacityPool, 'serviceLevel') ? capacityPool.serviceLevel : 'Standard' - qosType: contains(capacityPool, 'qosType') ? capacityPool.qosType : 'Auto' - volumes: contains(capacityPool, 'volumes') ? capacityPool.volumes : [] - coolAccess: contains(capacityPool, 'coolAccess') ? capacityPool.coolAccess : false - roleAssignments: contains(capacityPool, 'roleAssignments') ? capacityPool.roleAssignments : [] - encryptionType: contains(capacityPool, 'encryptionType') ? capacityPool.encryptionType : 'Single' + serviceLevel: capacityPool.?serviceLevel ?? 'Standard' + qosType: capacityPool.?qosType ?? 'Auto' + volumes: capacityPool.?volumes ?? [] + coolAccess: capacityPool.?coolAccess ?? false + roleAssignments: capacityPool.?roleAssignments ?? [] + encryptionType: capacityPool.?encryptionType ?? 'Single' tags: capacityPool.?tags ?? tags } } diff --git a/avm/res/net-app/net-app-account/main.json b/avm/res/net-app/net-app-account/main.json index e171952137..73c191fcbd 100644 --- a/avm/res/net-app/net-app-account/main.json +++ b/avm/res/net-app/net-app-account/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "5987985858923473876" + "templateHash": "4309703310956110255" }, "name": "Azure NetApp Files", "description": "This module deploys an Azure NetApp File.", @@ -398,7 +398,7 @@ }, "netAppAccount": { "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[parameters('name')]", "tags": "[parameters('tags')]", "identity": "[variables('identity')]", @@ -474,12 +474,24 @@ "size": { "value": "[parameters('capacityPools')[copyIndex()].size]" }, - "serviceLevel": "[if(contains(parameters('capacityPools')[copyIndex()], 'serviceLevel'), createObject('value', parameters('capacityPools')[copyIndex()].serviceLevel), createObject('value', 'Standard'))]", - "qosType": "[if(contains(parameters('capacityPools')[copyIndex()], 'qosType'), createObject('value', parameters('capacityPools')[copyIndex()].qosType), createObject('value', 'Auto'))]", - "volumes": "[if(contains(parameters('capacityPools')[copyIndex()], 'volumes'), createObject('value', parameters('capacityPools')[copyIndex()].volumes), createObject('value', createArray()))]", - "coolAccess": "[if(contains(parameters('capacityPools')[copyIndex()], 'coolAccess'), createObject('value', parameters('capacityPools')[copyIndex()].coolAccess), createObject('value', false()))]", - "roleAssignments": "[if(contains(parameters('capacityPools')[copyIndex()], 'roleAssignments'), createObject('value', parameters('capacityPools')[copyIndex()].roleAssignments), createObject('value', createArray()))]", - "encryptionType": "[if(contains(parameters('capacityPools')[copyIndex()], 'encryptionType'), createObject('value', parameters('capacityPools')[copyIndex()].encryptionType), createObject('value', 'Single'))]", + "serviceLevel": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'serviceLevel'), 'Standard')]" + }, + "qosType": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'qosType'), 'Auto')]" + }, + "volumes": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'volumes'), createArray())]" + }, + "coolAccess": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'coolAccess'), false())]" + }, + "roleAssignments": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'roleAssignments'), createArray())]" + }, + "encryptionType": { + "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'encryptionType'), 'Single')]" + }, "tags": { "value": "[coalesce(tryGet(parameters('capacityPools')[copyIndex()], 'tags'), parameters('tags'))]" } @@ -492,7 +504,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "2003436184027921318" + "templateHash": "2991493712029822030" }, "name": "Azure NetApp Files Capacity Pools", "description": "This module deploys an Azure NetApp Files Capacity Pool.", @@ -689,12 +701,12 @@ "netAppAccount": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[parameters('netAppAccountName')]" }, "capacityPool": { "type": "Microsoft.NetApp/netAppAccounts/capacityPools", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('name'))]", "location": "[parameters('location')]", "tags": "[parameters('tags')]", @@ -762,42 +774,162 @@ "serviceLevel": { "value": "[parameters('serviceLevel')]" }, - "creationToken": "[if(contains(parameters('volumes')[copyIndex()], 'creationToken'), createObject('value', parameters('volumes')[copyIndex()].creationToken), createObject('value', parameters('volumes')[copyIndex()].name))]", + "creationToken": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'creationToken'), parameters('volumes')[copyIndex()].name)]" + }, "usageThreshold": { "value": "[parameters('volumes')[copyIndex()].usageThreshold]" }, - "protocolTypes": "[if(contains(parameters('volumes')[copyIndex()], 'protocolTypes'), createObject('value', parameters('volumes')[copyIndex()].protocolTypes), createObject('value', createArray()))]", + "protocolTypes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'protocolTypes'), createArray())]" + }, "subnetResourceId": { "value": "[parameters('volumes')[copyIndex()].subnetResourceId]" }, - "exportPolicyRules": "[if(contains(parameters('volumes')[copyIndex()], 'exportPolicyRules'), createObject('value', parameters('volumes')[copyIndex()].exportPolicyRules), createObject('value', createArray()))]", - "roleAssignments": "[if(contains(parameters('volumes')[copyIndex()], 'roleAssignments'), createObject('value', parameters('volumes')[copyIndex()].roleAssignments), createObject('value', createArray()))]", + "exportPolicyRules": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'exportPolicyRules'), createArray())]" + }, + "roleAssignments": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'roleAssignments'), createArray())]" + }, "networkFeatures": { "value": "[tryGet(parameters('volumes')[copyIndex()], 'networkFeatures')]" }, "zones": { "value": "[tryGet(parameters('volumes')[copyIndex()], 'zones')]" }, - "coolAccess": "[if(contains(parameters('volumes')[copyIndex()], 'coolAccess'), createObject('value', parameters('volumes')[copyIndex()].coolAccess), createObject('value', false()))]", - "coolAccessRetrievalPolicy": "[if(contains(parameters('volumes')[copyIndex()], 'coolAccessRetrievalPolicy'), createObject('value', parameters('volumes')[copyIndex()].coolAccessRetrievalPolicy), createObject('value', 'Default'))]", - "coolnessPeriod": "[if(contains(parameters('volumes')[copyIndex()], 'coolnessPeriod'), createObject('value', parameters('volumes')[copyIndex()].coolnessPeriod), createObject('value', 0))]", - "endpointType": "[if(contains(parameters('volumes')[copyIndex()], 'endpointType'), createObject('value', parameters('volumes')[copyIndex()].endpointType), createObject('value', ''))]", - "remoteVolumeRegion": "[if(contains(parameters('volumes')[copyIndex()], 'remoteVolumeRegion'), createObject('value', parameters('volumes')[copyIndex()].remoteVolumeRegion), createObject('value', ''))]", - "remoteVolumeResourceId": "[if(contains(parameters('volumes')[copyIndex()], 'remoteVolumeResourceId'), createObject('value', parameters('volumes')[copyIndex()].remoteVolumeResourceId), createObject('value', ''))]", - "replicationSchedule": "[if(contains(parameters('volumes')[copyIndex()], 'replicationSchedule'), createObject('value', parameters('volumes')[copyIndex()].replicationSchedule), createObject('value', ''))]", - "backupPolicyName": "[if(contains(parameters('volumes')[copyIndex()], 'backupPolicyName'), createObject('value', parameters('volumes')[copyIndex()].backupPolicyName), createObject('value', 'backupPolicy'))]", - "backupPolicyLocation": "[if(contains(parameters('volumes')[copyIndex()], 'backupPolicyLocation'), createObject('value', parameters('volumes')[copyIndex()].backupPolicyLocation), createObject('value', ''))]", - "dailyBackupsToKeep": "[if(contains(parameters('volumes')[copyIndex()], 'dailyBackupsToKeep'), createObject('value', parameters('volumes')[copyIndex()].dailyBackupsToKeep), createObject('value', 0))]", - "backupEnabled": "[if(contains(parameters('volumes')[copyIndex()], 'backupEnabled'), createObject('value', parameters('volumes')[copyIndex()].backupEnabled), createObject('value', false()))]", - "monthlyBackupsToKeep": "[if(contains(parameters('volumes')[copyIndex()], 'monthlyBackupsToKeep'), createObject('value', parameters('volumes')[copyIndex()].monthlyBackupsToKeep), createObject('value', 0))]", - "weeklyBackupsToKeep": "[if(contains(parameters('volumes')[copyIndex()], 'weeklyBackupsToKeep'), createObject('value', parameters('volumes')[copyIndex()].weeklyBackupsToKeep), createObject('value', 0))]", - "backupVaultName": "[if(contains(parameters('volumes')[copyIndex()], 'backupVaultName'), createObject('value', parameters('volumes')[copyIndex()].backupVaultName), createObject('value', 'vault'))]", - "backupVaultLocation": "[if(contains(parameters('volumes')[copyIndex()], 'backupVaultLocation'), createObject('value', parameters('volumes')[copyIndex()].backupVaultLocation), createObject('value', ''))]", - "backupName": "[if(contains(parameters('volumes')[copyIndex()], 'backupName'), createObject('value', parameters('volumes')[copyIndex()].backupName), createObject('value', 'backup'))]", - "backupLabel": "[if(contains(parameters('volumes')[copyIndex()], 'backupLabel'), createObject('value', parameters('volumes')[copyIndex()].backupLabel), createObject('value', ''))]", - "snapshotName": "[if(contains(parameters('volumes')[copyIndex()], 'snapshotName'), createObject('value', parameters('volumes')[copyIndex()].snapshotName), createObject('value', 'snapshot'))]", - "useExistingSnapshot": "[if(contains(parameters('volumes')[copyIndex()], 'useExistingSnapshot'), createObject('value', parameters('volumes')[copyIndex()].useExistingSnapshot), createObject('value', false()))]", - "volumeResourceId": "[if(contains(parameters('volumes')[copyIndex()], 'volumeResourceId'), createObject('value', parameters('volumes')[copyIndex()].volumeResourceId), createObject('value', ''))]" + "coolAccess": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'coolAccess'), false())]" + }, + "coolAccessRetrievalPolicy": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'coolAccessRetrievalPolicy'), 'Default')]" + }, + "coolnessPeriod": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'coolnessPeriod'), 0)]" + }, + "encryptionKeySource": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'encryptionKeySource'), 'Microsoft.NetApp')]" + }, + "keyVaultPrivateEndpointResourceId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'keyVaultPrivateEndpointResourceId'), '')]" + }, + "endpointType": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'endpointType'), '')]" + }, + "remoteVolumeRegion": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'remoteVolumeRegion'), '')]" + }, + "remoteVolumeResourceId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'remoteVolumeResourceId'), '')]" + }, + "replicationSchedule": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'replicationSchedule'), '')]" + }, + "snapshotPolicyId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotPolicyId'), '')]" + }, + "snapshotPolicyName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotPolicyName'), 'snapshotPolicy')]" + }, + "snapshotPolicyLocation": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotPolicyLocation'), '')]" + }, + "snapEnabled": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapEnabled'), false())]" + }, + "dailyHour": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyHour'), 0)]" + }, + "dailyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyMinute'), 0)]" + }, + "dailySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailySnapshotsToKeep'), 0)]" + }, + "dailyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyUsedBytes'), 0)]" + }, + "hourlyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'hourlyMinute'), 0)]" + }, + "hourlySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'hourlySnapshotsToKeep'), 0)]" + }, + "hourlyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'hourlyUsedBytes'), 0)]" + }, + "daysOfMonth": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'daysOfMonth'), '')]" + }, + "monthlyHour": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyHour'), 0)]" + }, + "monthlyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyMinute'), 0)]" + }, + "monthlySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlySnapshotsToKeep'), 0)]" + }, + "monthlyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyUsedBytes'), 0)]" + }, + "weeklyDay": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyDay'), '')]" + }, + "weeklyHour": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyHour'), 0)]" + }, + "weeklyMinute": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyMinute'), 0)]" + }, + "weeklySnapshotsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklySnapshotsToKeep'), 0)]" + }, + "weeklyUsedBytes": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyUsedBytes'), 0)]" + }, + "backupPolicyName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupPolicyName'), 'backupPolicy')]" + }, + "backupPolicyLocation": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupPolicyLocation'), '')]" + }, + "dailyBackupsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'dailyBackupsToKeep'), 0)]" + }, + "backupEnabled": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupEnabled'), false())]" + }, + "monthlyBackupsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'monthlyBackupsToKeep'), 0)]" + }, + "weeklyBackupsToKeep": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'weeklyBackupsToKeep'), 0)]" + }, + "backupVaultName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupVaultName'), 'vault')]" + }, + "backupVaultLocation": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupVaultLocation'), '')]" + }, + "backupName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupName'), 'backup')]" + }, + "backupLabel": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'backupLabel'), '')]" + }, + "snapshotName": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'snapshotName'), 'snapshot')]" + }, + "useExistingSnapshot": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'useExistingSnapshot'), false())]" + }, + "volumeResourceId": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'volumeResourceId'), '')]" + }, + "volumeType": { + "value": "[coalesce(tryGet(parameters('volumes')[copyIndex()], 'volumeType'), '')]" + } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", @@ -807,7 +939,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "1599719170493782479" + "templateHash": "6870432140728658293" }, "name": "Azure NetApp Files Capacity Pool Volumes", "description": "This module deploys an Azure NetApp Files Capacity Pool Volume.", @@ -920,6 +1052,18 @@ "description": "Optional. determines the data retrieval behavior from the cool tier to standard storage based on the read pattern for cool access enabled volumes (Default/Never/Read)." } }, + "encryptionKeySource": { + "type": "string", + "metadata": { + "description": "Optional. The source of the encryption key." + } + }, + "keyVaultPrivateEndpointResourceId": { + "type": "string", + "metadata": { + "description": "Optional. The resource ID of the key vault private endpoint." + } + }, "endpointType": { "type": "string", "metadata": { @@ -1021,12 +1165,146 @@ "description": "Optional. The name of the snapshot." } }, + "snapshotPolicyId": { + "type": "string", + "metadata": { + "description": "Optional. Snapshot Policy ResourceId." + } + }, + "snapshotPolicyName": { + "type": "string", + "metadata": { + "description": "Optional. The name of the snapshot policy." + } + }, + "snapshotPolicyLocation": { + "type": "string", + "defaultValue": "[resourceGroup().location]", + "metadata": { + "description": "Optional. The location of the snapshot policy." + } + }, + "dailyHour": { + "type": "int", + "metadata": { + "description": "Optional. The daily snapshot hour." + } + }, + "dailyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The daily snapshot minute." + } + }, + "dailySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Daily snapshot count to keep." + } + }, + "dailyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Daily snapshot used bytes." + } + }, + "hourlyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The hourly snapshot minute." + } + }, + "hourlySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Hourly snapshot count to keep." + } + }, + "hourlyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Hourly snapshot used bytes." + } + }, + "daysOfMonth": { + "type": "string", + "metadata": { + "description": "Optional. The monthly snapshot day." + } + }, + "monthlyHour": { + "type": "int", + "metadata": { + "description": "Optional. The monthly snapshot hour." + } + }, + "monthlyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The monthly snapshot minute." + } + }, + "monthlySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Monthly snapshot count to keep." + } + }, + "monthlyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Monthly snapshot used bytes." + } + }, + "weeklyDay": { + "type": "string", + "metadata": { + "description": "Optional. The weekly snapshot day." + } + }, + "weeklyHour": { + "type": "int", + "metadata": { + "description": "Optional. The weekly snapshot hour." + } + }, + "weeklyMinute": { + "type": "int", + "metadata": { + "description": "Optional. The weekly snapshot minute." + } + }, + "weeklySnapshotsToKeep": { + "type": "int", + "metadata": { + "description": "Optional. Weekly snapshot count to keep." + } + }, + "weeklyUsedBytes": { + "type": "int", + "metadata": { + "description": "Optional. Weekly snapshot used bytes." + } + }, + "snapEnabled": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Optional. Indicates whether the snapshot policy is enabled." + } + }, "volumeResourceId": { "type": "string", "metadata": { "description": "Optional. The resource ID of the volume." } }, + "volumeType": { + "type": "string", + "metadata": { + "description": "Optional. The type of the volume. DataProtection volumes are used for replication." + } + }, "name": { "type": "string", "metadata": { @@ -1135,7 +1413,7 @@ "netAppAccount::capacityPool": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts/capacityPools", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('capacityPoolName'))]", "dependsOn": [ "netAppAccount" @@ -1144,24 +1422,62 @@ "netAppAccount": { "existing": true, "type": "Microsoft.NetApp/netAppAccounts", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[parameters('netAppAccountName')]" }, "volume": { "type": "Microsoft.NetApp/netAppAccounts/capacityPools/volumes", - "apiVersion": "2023-07-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('capacityPoolName'), parameters('name'))]", "location": "[parameters('location')]", - "properties": "[shallowMerge(createArray(createObject('coolAccess', parameters('coolAccess'), 'coolAccessRetrievalPolicy', parameters('coolAccessRetrievalPolicy'), 'coolnessPeriod', parameters('coolnessPeriod')), if(not(equals(parameters('endpointType'), '')), createObject('dataProtection', createObject('replication', createObject('endpointType', parameters('endpointType'), 'remoteVolumeRegion', parameters('remoteVolumeRegion'), 'remoteVolumeResourceId', parameters('remoteVolumeResourceId'), 'replicationSchedule', parameters('replicationSchedule')))), createObject()), createObject('networkFeatures', parameters('networkFeatures'), 'serviceLevel', parameters('serviceLevel'), 'creationToken', parameters('creationToken'), 'usageThreshold', parameters('usageThreshold'), 'protocolTypes', parameters('protocolTypes'), 'subnetId', parameters('subnetResourceId'), 'exportPolicy', if(not(empty(parameters('exportPolicyRules'))), createObject('rules', parameters('exportPolicyRules')), null()))))]", + "properties": "[shallowMerge(createArray(createObject('coolAccess', parameters('coolAccess'), 'coolAccessRetrievalPolicy', parameters('coolAccessRetrievalPolicy'), 'coolnessPeriod', parameters('coolnessPeriod'), 'encryptionKeySource', parameters('encryptionKeySource')), if(not(equals(parameters('encryptionKeySource'), 'Microsoft.NetApp')), createObject('keyVaultPrivateEndpointResourceId', parameters('keyVaultPrivateEndpointResourceId')), createObject()), if(not(equals(parameters('volumeType'), '')), createObject('volumeType', parameters('volumeType'), 'dataProtection', createObject('replication', createObject('endpointType', parameters('endpointType'), 'remoteVolumeRegion', parameters('remoteVolumeRegion'), 'remoteVolumeResourceId', parameters('remoteVolumeResourceId'), 'replicationSchedule', parameters('replicationSchedule')), 'snapshot', createObject('snapshotPolicyId', parameters('snapshotPolicyId')))), createObject()), createObject('networkFeatures', parameters('networkFeatures'), 'serviceLevel', parameters('serviceLevel'), 'creationToken', parameters('creationToken'), 'usageThreshold', parameters('usageThreshold'), 'protocolTypes', parameters('protocolTypes'), 'subnetId', parameters('subnetResourceId'), 'exportPolicy', if(not(empty(parameters('exportPolicyRules'))), createObject('rules', parameters('exportPolicyRules')), null()))))]", "zones": "[parameters('zones')]", "dependsOn": [ "netAppAccount::capacityPool" ] }, + "snapshotPolicies": { + "condition": "[parameters('snapEnabled')]", + "type": "Microsoft.NetApp/netAppAccounts/snapshotPolicies", + "apiVersion": "2024-03-01", + "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('snapshotPolicyName'))]", + "location": "[parameters('snapshotPolicyLocation')]", + "properties": { + "enabled": "[parameters('snapEnabled')]", + "dailySchedule": { + "hour": "[parameters('dailyHour')]", + "minute": "[parameters('dailyMinute')]", + "snapshotsToKeep": "[parameters('dailySnapshotsToKeep')]", + "usedBytes": "[parameters('dailyUsedBytes')]" + }, + "hourlySchedule": { + "minute": "[parameters('hourlyMinute')]", + "snapshotsToKeep": "[parameters('hourlySnapshotsToKeep')]", + "usedBytes": "[parameters('hourlyUsedBytes')]" + }, + "monthlySchedule": { + "daysOfMonth": "[parameters('daysOfMonth')]", + "hour": "[parameters('monthlyHour')]", + "minute": "[parameters('monthlyMinute')]", + "snapshotsToKeep": "[parameters('monthlySnapshotsToKeep')]", + "usedBytes": "[parameters('monthlyUsedBytes')]" + }, + "weeklySchedule": { + "day": "[parameters('weeklyDay')]", + "hour": "[parameters('weeklyHour')]", + "minute": "[parameters('weeklyMinute')]", + "snapshotsToKeep": "[parameters('weeklySnapshotsToKeep')]", + "usedBytes": "[parameters('weeklyUsedBytes')]" + } + }, + "dependsOn": [ + "netAppAccount" + ] + }, "backupPolicies": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupPolicies", - "apiVersion": "2023-11-01", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('backupPolicyName'))]", "location": "[parameters('backupPolicyLocation')]", "properties": { @@ -1177,7 +1493,7 @@ "backupVaults": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupVaults", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}', parameters('netAppAccountName'), parameters('backupVaultName'))]", "location": "[parameters('backupVaultLocation')]", "properties": {}, @@ -1188,7 +1504,7 @@ "backups": { "condition": "[parameters('backupEnabled')]", "type": "Microsoft.NetApp/netAppAccounts/backupVaults/backups", - "apiVersion": "2023-05-01-preview", + "apiVersion": "2024-03-01", "name": "[format('{0}/{1}/{2}', parameters('netAppAccountName'), parameters('backupVaultName'), parameters('backupName'))]", "properties": "[if(parameters('backupEnabled'), createObject('label', parameters('backupLabel'), 'snapshotName', parameters('snapshotName'), 'useExistingSnapshot', parameters('useExistingSnapshot'), 'volumeResourceId', parameters('volumeResourceId')), createObject())]", "dependsOn": [ @@ -1245,7 +1561,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('volume', '2023-07-01', 'full').location]" + "value": "[reference('volume', '2024-03-01', 'full').location]" } } } @@ -1283,7 +1599,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('capacityPool', '2023-07-01', 'full').location]" + "value": "[reference('capacityPool', '2024-03-01', 'full').location]" }, "volumeResourceId": { "type": "string", @@ -1327,7 +1643,7 @@ "metadata": { "description": "The location the resource was deployed into." }, - "value": "[reference('netAppAccount', '2023-07-01', 'full').location]" + "value": "[reference('netAppAccount', '2024-03-01', 'full').location]" }, "volumeResourceId": { "type": "string", diff --git a/avm/res/net-app/net-app-account/tests/e2e/max/main.test.bicep b/avm/res/net-app/net-app-account/tests/e2e/max/main.test.bicep index f0054227f1..0dc7ad7b1f 100644 --- a/avm/res/net-app/net-app-account/tests/e2e/max/main.test.bicep +++ b/avm/res/net-app/net-app-account/tests/e2e/max/main.test.bicep @@ -21,6 +21,9 @@ param serviceShort string = 'nanaamax' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' +@description('Optional. The source of the encryption key.') +param encryptionKeySource string = 'Microsoft.NetApp' + // ============ // // Dependencies // // ============ // @@ -79,6 +82,7 @@ module testDeployment '../../../main.bicep' = { name: '${namePrefix}-${serviceShort}-vol-001' zones: ['1'] networkFeatures: 'Standard' + encryptionKeySource: encryptionKeySource protocolTypes: [ 'NFSv4.1' ] @@ -106,6 +110,7 @@ module testDeployment '../../../main.bicep' = { name: '${namePrefix}-${serviceShort}-vol-002' zones: ['1'] networkFeatures: 'Standard' + encryptionKeySource: encryptionKeySource protocolTypes: [ 'NFSv4.1' ] diff --git a/avm/res/net-app/net-app-account/tests/e2e/nfs3/main.test.bicep b/avm/res/net-app/net-app-account/tests/e2e/nfs3/main.test.bicep index 23282163a3..2a49696c4e 100644 --- a/avm/res/net-app/net-app-account/tests/e2e/nfs3/main.test.bicep +++ b/avm/res/net-app/net-app-account/tests/e2e/nfs3/main.test.bicep @@ -21,6 +21,9 @@ param serviceShort string = 'nanaanfs3' @description('Optional. A token to inject into the name of each resource.') param namePrefix string = '#_namePrefix_#' +@description('Optional. The source of the encryption key.') +param encryptionKeySource string = 'Microsoft.NetApp' + // ============ // // Dependencies // // ============ // @@ -79,6 +82,7 @@ module testDeployment '../../../main.bicep' = { name: '${namePrefix}-${serviceShort}-vol-001' zones: ['1'] networkFeatures: 'Standard' + encryptionKeySource: encryptionKeySource protocolTypes: [ 'NFSv3' ] @@ -96,6 +100,7 @@ module testDeployment '../../../main.bicep' = { name: '${namePrefix}-${serviceShort}-vol-002' zones: ['1'] networkFeatures: 'Standard' + encryptionKeySource: encryptionKeySource protocolTypes: [ 'NFSv3' ] diff --git a/avm/res/network/front-door-web-application-firewall-policy/main.bicep b/avm/res/network/front-door-web-application-firewall-policy/main.bicep index c8b742477e..de60fe5ffc 100644 --- a/avm/res/network/front-door-web-application-firewall-policy/main.bicep +++ b/avm/res/network/front-door-web-application-firewall-policy/main.bicep @@ -102,7 +102,7 @@ var formattedRoleAssignments = [ #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { - name: '46d3xbcp.network-frontdoorwebappfirewallpolicy.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' + name: '46d3xbcp.res.network-frontdoorwebappfwpolicy.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' template: { diff --git a/avm/res/network/front-door-web-application-firewall-policy/main.json b/avm/res/network/front-door-web-application-firewall-policy/main.json index 6e27f2abbf..52958c1ef6 100644 --- a/avm/res/network/front-door-web-application-firewall-policy/main.json +++ b/avm/res/network/front-door-web-application-firewall-policy/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "6149649967109808609" + "templateHash": "12441964439062961983" }, "name": "Front Door Web Application Firewall (WAF) Policies", "description": "This module deploys a Front Door Web Application Firewall (WAF) Policy.", @@ -247,7 +247,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.network-frontdoorwebappfirewallpolicy.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-frontdoorwebappfwpolicy.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { diff --git a/avm/res/search/search-service/README.md b/avm/res/search/search-service/README.md index 80ed4a900e..ecaf955671 100644 --- a/avm/res/search/search-service/README.md +++ b/avm/res/search/search-service/README.md @@ -322,9 +322,13 @@ module searchService 'br/public:avm/res/search/search-service:' = { applicationSecurityGroupResourceIds: [ '' ] - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' tags: { Environment: 'Non-Prod' @@ -332,13 +336,17 @@ module searchService 'br/public:avm/res/search/search-service:' = { } } { - privateDnsZoneResourceIds: [ - '' - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: '' + } + ] + } subnetResourceId: '' } ] - publicNetworkAccess: 'disabled' + publicNetworkAccess: 'Disabled' sharedPrivateLinkResources: [ { groupId: 'blob' @@ -387,9 +395,13 @@ module searchService 'br/public:avm/res/search/search-service:' = { "applicationSecurityGroupResourceIds": [ "" ], - "privateDnsZoneResourceIds": [ - "" - ], + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, "subnetResourceId": "", "tags": { "Environment": "Non-Prod", @@ -397,15 +409,19 @@ module searchService 'br/public:avm/res/search/search-service:' = { } }, { - "privateDnsZoneResourceIds": [ - "" - ], + "privateDnsZoneGroup": { + "privateDnsZoneGroupConfigs": [ + { + "privateDnsZoneResourceId": "" + } + ] + }, "subnetResourceId": "" } ] }, "publicNetworkAccess": { - "value": "disabled" + "value": "Disabled" }, "sharedPrivateLinkResources": { "value": [ @@ -627,7 +643,7 @@ module searchService 'br/public:avm/res/search/search-service:' = { | [`networkRuleSet`](#parameter-networkruleset) | object | Network specific rules that determine how the Azure Cognitive Search service may be reached. | | [`partitionCount`](#parameter-partitioncount) | int | The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | -| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | +| [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This value can be set to 'Enabled' to avoid breaking changes on existing customer resources and templates. If set to 'Disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. | | [`replicaCount`](#parameter-replicacount) | int | The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`semanticSearch`](#parameter-semanticsearch) | string | Sets options that control the availability of semantic search. This configuration is only possible for certain search SKUs in certain locations. | @@ -958,8 +974,7 @@ Configuration details for private endpoints. For security reasons, it is recomme | [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | | [`manualConnectionRequestMessage`](#parameter-privateendpointsmanualconnectionrequestmessage) | string | A message passed to the owner of the remote resource with the manual connection request. | | [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`privateDnsZoneGroup`](#parameter-privateendpointsprivatednszonegroup) | object | The private DNS zone group to configure for the private endpoint. | | [`privateLinkServiceConnectionName`](#parameter-privateendpointsprivatelinkserviceconnectionname) | string | The name of the private link connection to create. | | [`resourceGroupName`](#parameter-privateendpointsresourcegroupname) | string | Specify if you want to deploy the Private Endpoint into a different resource group than the main resource. | | [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | @@ -1143,19 +1158,64 @@ The name of the private endpoint. - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.privateDnsZoneGroup` + +The private DNS zone group to configure for the private endpoint. + +- Required: No +- Type: object + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`privateDnsZoneGroupConfigs`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigs) | array | The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the Private DNS Zone Group. | + +### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs` + +The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. + +- Required: Yes +- Type: array + +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`privateDnsZoneResourceId`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsprivatednszoneresourceid) | string | The resource id of the private DNS zone. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-privateendpointsprivatednszonegroupprivatednszonegroupconfigsname) | string | The name of the private DNS zone group config. | + +### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.privateDnsZoneResourceId` + +The resource id of the private DNS zone. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroup.privateDnsZoneGroupConfigs.name` -The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. +The name of the private DNS zone group config. - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.privateDnsZoneGroup.name` -The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The name of the Private DNS Zone Group. - Required: No -- Type: array +- Type: string ### Parameter: `privateEndpoints.privateLinkServiceConnectionName` @@ -1284,16 +1344,16 @@ Tags to be applied on all resources/resource groups in this deployment. ### Parameter: `publicNetworkAccess` -This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. +This value can be set to 'Enabled' to avoid breaking changes on existing customer resources and templates. If set to 'Disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. - Required: No - Type: string -- Default: `'enabled'` +- Default: `'Enabled'` - Allowed: ```Bicep [ - 'disabled' - 'enabled' + 'Disabled' + 'Enabled' ] ``` @@ -1459,6 +1519,7 @@ Tags to help categorize the resource in the Azure portal. | :-- | :-- | :-- | | `location` | string | The location the resource was deployed into. | | `name` | string | The name of the search service. | +| `privateEndpoints` | array | The private endpoints of the search service. | | `resourceGroupName` | string | The name of the resource group the search service was created in. | | `resourceId` | string | The resource ID of the search service. | | `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. | @@ -1469,7 +1530,7 @@ This section gives you an overview of all local-referenced module files (i.e., o | Reference | Type | | :-- | :-- | -| `br/public:avm/res/network/private-endpoint:0.6.1` | Remote reference | +| `br/public:avm/res/network/private-endpoint:0.7.1` | Remote reference | ## Data Collection diff --git a/avm/res/search/search-service/main.bicep b/avm/res/search/search-service/main.bicep index 2aca3b421e..bc455a8f68 100644 --- a/avm/res/search/search-service/main.bicep +++ b/avm/res/search/search-service/main.bicep @@ -53,12 +53,12 @@ param privateEndpoints privateEndpointType @description('Optional. The sharedPrivateLinkResources to create as part of the search Service.') param sharedPrivateLinkResources array = [] -@description('Optional. This value can be set to \'enabled\' to avoid breaking changes on existing customer resources and templates. If set to \'disabled\', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method.') +@description('Optional. This value can be set to \'Enabled\' to avoid breaking changes on existing customer resources and templates. If set to \'Disabled\', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method.') @allowed([ - 'enabled' - 'disabled' + 'Enabled' + 'Disabled' ]) -param publicNetworkAccess string = 'enabled' +param publicNetworkAccess string = 'Enabled' @description('Optional. The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU.') @minValue(1) @@ -158,7 +158,7 @@ var formattedRoleAssignments = [ #disable-next-line no-deployments-resources resource avmTelemetry 'Microsoft.Resources/deployments@2024-03-01' = if (enableTelemetry) { - name: '46d3xbcp.search-searchservice.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' + name: '46d3xbcp.res.search-searchservice.${replace('-..--..-', '.', '-')}.${substring(uniqueString(deployment().name, location), 0, 4)}' properties: { mode: 'Incremental' template: { @@ -193,7 +193,7 @@ resource searchService 'Microsoft.Search/searchServices@2024-03-01-preview' = { networkRuleSet: networkRuleSet partitionCount: partitionCount replicaCount: replicaCount - publicNetworkAccess: publicNetworkAccess + publicNetworkAccess: toLower(publicNetworkAccess) semanticSearch: semanticSearch } } @@ -254,7 +254,7 @@ resource searchService_roleAssignments 'Microsoft.Authorization/roleAssignments@ } ] -module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.6.1' = [ +module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoint:0.7.1' = [ for (privateEndpoint, index) in (privateEndpoints ?? []): { name: '${uniqueString(deployment().name, location)}-searchService-PrivateEndpoint-${index}' scope: resourceGroup(privateEndpoint.?resourceGroupName ?? '') @@ -295,8 +295,7 @@ module searchService_privateEndpoints 'br/public:avm/res/network/private-endpoin 'Full' ).location lock: privateEndpoint.?lock ?? lock - privateDnsZoneGroupName: privateEndpoint.?privateDnsZoneGroupName - privateDnsZoneResourceIds: privateEndpoint.?privateDnsZoneResourceIds + privateDnsZoneGroup: privateEndpoint.?privateDnsZoneGroup roleAssignments: privateEndpoint.?roleAssignments tags: privateEndpoint.?tags ?? tags customDnsConfigs: privateEndpoint.?customDnsConfigs @@ -315,9 +314,7 @@ module searchService_sharedPrivateLinkResources 'shared-private-link-resource/ma for (sharedPrivateLinkResource, index) in sharedPrivateLinkResources: { name: '${uniqueString(deployment().name, location)}-searchService-SharedPrivateLink-${index}' params: { - name: contains(sharedPrivateLinkResource, 'name') - ? sharedPrivateLinkResource.name - : 'spl-${last(split(searchService.id, '/'))}-${sharedPrivateLinkResource.groupId}-${index}' + name: sharedPrivateLinkResource.?name ?? 'spl-${last(split(searchService.id, '/'))}-${sharedPrivateLinkResource.groupId}-${index}' searchServiceName: searchService.name privateLinkResourceId: sharedPrivateLinkResource.privateLinkResourceId groupId: sharedPrivateLinkResource.groupId @@ -346,6 +343,17 @@ output systemAssignedMIPrincipalId string = searchService.?identity.?principalId @description('The location the resource was deployed into.') output location string = searchService.location +@description('The private endpoints of the search service.') +output privateEndpoints array = [ + for (pe, i) in (!empty(privateEndpoints) ? array(privateEndpoints) : []): { + name: searchService_privateEndpoints[i].outputs.name + resourceId: searchService_privateEndpoints[i].outputs.resourceId + groupId: searchService_privateEndpoints[i].outputs.groupId + customDnsConfig: searchService_privateEndpoints[i].outputs.customDnsConfig + networkInterfaceIds: searchService_privateEndpoints[i].outputs.networkInterfaceIds + } +] + // =============== // // Definitions // // =============== // @@ -408,11 +416,20 @@ type privateEndpointType = { @description('Required. Resource ID of the subnet where the endpoint needs to be created.') subnetResourceId: string - @description('Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided.') - privateDnsZoneGroupName: string? + @description('Optional. The private DNS zone group to configure for the private endpoint.') + privateDnsZoneGroup: { + @description('Optional. The name of the Private DNS Zone Group.') + name: string? + + @description('Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones.') + privateDnsZoneGroupConfigs: { + @description('Optional. The name of the private DNS zone group config.') + name: string? - @description('Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones.') - privateDnsZoneResourceIds: string[]? + @description('Required. The resource id of the private DNS zone.') + privateDnsZoneResourceId: string + }[] + }? @description('Optional. If Manual Private Link Connection is required.') isManualConnection: bool? diff --git a/avm/res/search/search-service/main.json b/avm/res/search/search-service/main.json index baa40b9b9c..04beacbf9e 100644 --- a/avm/res/search/search-service/main.json +++ b/avm/res/search/search-service/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15785260316401338655" + "templateHash": "10051405020131908010" }, "name": "Search Services", "description": "This module deploys a Search Service.", @@ -173,21 +173,44 @@ "description": "Required. Resource ID of the subnet where the endpoint needs to be created." } }, - "privateDnsZoneGroupName": { - "type": "string", - "nullable": true, - "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "items": { - "type": "string" + "privateDnsZoneGroup": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Private DNS Zone Group." + } + }, + "privateDnsZoneGroupConfigs": { + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group config." + } + }, + "privateDnsZoneResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of the private DNS zone." + } + } + } + }, + "metadata": { + "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + } }, "nullable": true, "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones." + "description": "Optional. The private DNS zone group to configure for the private endpoint." } }, "isManualConnection": { @@ -547,13 +570,13 @@ }, "publicNetworkAccess": { "type": "string", - "defaultValue": "enabled", + "defaultValue": "Enabled", "allowedValues": [ - "enabled", - "disabled" + "Enabled", + "Disabled" ], "metadata": { - "description": "Optional. This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method." + "description": "Optional. This value can be set to 'Enabled' to avoid breaking changes on existing customer resources and templates. If set to 'Disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method." } }, "replicaCount": { @@ -645,7 +668,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.search-searchservice.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.search-searchservice.{0}.{1}', replace('-..--..-', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -681,7 +704,7 @@ "networkRuleSet": "[parameters('networkRuleSet')]", "partitionCount": "[parameters('partitionCount')]", "replicaCount": "[parameters('replicaCount')]", - "publicNetworkAccess": "[parameters('publicNetworkAccess')]", + "publicNetworkAccess": "[toLower(parameters('publicNetworkAccess'))]", "semanticSearch": "[parameters('semanticSearch')]" } }, @@ -794,11 +817,8 @@ "lock": { "value": "[coalesce(tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'lock'), parameters('lock'))]" }, - "privateDnsZoneGroupName": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroupName')]" - }, - "privateDnsZoneResourceIds": { - "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneResourceIds')]" + "privateDnsZoneGroup": { + "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'privateDnsZoneGroup')]" }, "roleAssignments": { "value": "[tryGet(coalesce(parameters('privateEndpoints'), createArray())[copyIndex()], 'roleAssignments')]" @@ -827,13 +847,34 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13720311665093076615" + "templateHash": "1277254088602407590" }, "name": "Private Endpoints", "description": "This module deploys a Private Endpoint.", "owner": "Azure/module-maintainers" }, "definitions": { + "privateDnsZoneGroupType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the Private DNS Zone Group." + } + }, + "privateDnsZoneGroupConfigs": { + "type": "array", + "items": { + "$ref": "#/definitions/privateDnsZoneGroupConfigType" + }, + "metadata": { + "description": "Required. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + } + } + } + }, "roleAssignmentType": { "type": "array", "items": { @@ -1085,6 +1126,29 @@ } }, "nullable": true + }, + "privateDnsZoneGroupConfigType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group config." + } + }, + "privateDnsZoneResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of the private DNS zone." + } + } + }, + "metadata": { + "__bicep_imported_from!": { + "sourceTemplate": "private-dns-zone-group/main.bicep" + } + } } }, "parameters": { @@ -1120,18 +1184,11 @@ "description": "Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints." } }, - "privateDnsZoneGroupName": { - "type": "string", + "privateDnsZoneGroup": { + "$ref": "#/definitions/privateDnsZoneGroupType", "nullable": true, "metadata": { - "description": "Optional. The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided." - } - }, - "privateDnsZoneResourceIds": { - "type": "array", - "nullable": true, - "metadata": { - "description": "Optional. The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones." + "description": "Optional. The private DNS zone group to configure for the private endpoint." } }, "location": { @@ -1212,7 +1269,7 @@ "condition": "[parameters('enableTelemetry')]", "type": "Microsoft.Resources/deployments", "apiVersion": "2024-03-01", - "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.6.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", + "name": "[format('46d3xbcp.res.network-privateendpoint.{0}.{1}', replace('0.7.1', '.', '-'), substring(uniqueString(deployment().name, parameters('location')), 0, 4))]", "properties": { "mode": "Incremental", "template": { @@ -1291,7 +1348,7 @@ ] }, "privateEndpoint_privateDnsZoneGroup": { - "condition": "[not(empty(parameters('privateDnsZoneResourceIds')))]", + "condition": "[not(empty(parameters('privateDnsZoneGroup')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2022-09-01", "name": "[format('{0}-PrivateEndpoint-PrivateDnsZoneGroup', uniqueString(deployment().name))]", @@ -1302,28 +1359,52 @@ "mode": "Incremental", "parameters": { "name": { - "value": "[coalesce(parameters('privateDnsZoneGroupName'), 'default')]" - }, - "privateDNSResourceIds": { - "value": "[coalesce(parameters('privateDnsZoneResourceIds'), createArray())]" + "value": "[tryGet(parameters('privateDnsZoneGroup'), 'name')]" }, "privateEndpointName": { "value": "[parameters('name')]" + }, + "privateDnsZoneConfigs": { + "value": "[parameters('privateDnsZoneGroup').privateDnsZoneGroupConfigs]" } }, "template": { "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "languageVersion": "2.0", "contentVersion": "1.0.0.0", "metadata": { "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "15263454436186512874" + "templateHash": "5805178546717255803" }, "name": "Private Endpoint Private DNS Zone Groups", "description": "This module deploys a Private Endpoint Private DNS Zone Group.", "owner": "Azure/module-maintainers" }, + "definitions": { + "privateDnsZoneGroupConfigType": { + "type": "object", + "properties": { + "name": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. The name of the private DNS zone group config." + } + }, + "privateDnsZoneResourceId": { + "type": "string", + "metadata": { + "description": "Required. The resource id of the private DNS zone." + } + } + }, + "metadata": { + "__bicep_export!": true + } + } + }, "parameters": { "privateEndpointName": { "type": "string", @@ -1331,12 +1412,15 @@ "description": "Conditional. The name of the parent private endpoint. Required if the template is used in a standalone deployment." } }, - "privateDNSResourceIds": { + "privateDnsZoneConfigs": { "type": "array", + "items": { + "$ref": "#/definitions/privateDnsZoneGroupConfigType" + }, "minLength": 1, "maxLength": 5, "metadata": { - "description": "Required. Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones." + "description": "Required. Array of private DNS zone configurations of the private DNS zone group. A DNS zone group can support up to 5 DNS zones." } }, "name": { @@ -1350,27 +1434,36 @@ "variables": { "copy": [ { - "name": "privateDnsZoneConfigs", - "count": "[length(parameters('privateDNSResourceIds'))]", + "name": "privateDnsZoneConfigsVar", + "count": "[length(parameters('privateDnsZoneConfigs'))]", "input": { - "name": "[last(split(parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')], '/'))]", + "name": "[coalesce(tryGet(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')], 'name'), last(split(parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId, '/')))]", "properties": { - "privateDnsZoneId": "[parameters('privateDNSResourceIds')[copyIndex('privateDnsZoneConfigs')]]" + "privateDnsZoneId": "[parameters('privateDnsZoneConfigs')[copyIndex('privateDnsZoneConfigsVar')].privateDnsZoneResourceId]" } } } ] }, - "resources": [ - { + "resources": { + "privateEndpoint": { + "existing": true, + "type": "Microsoft.Network/privateEndpoints", + "apiVersion": "2023-11-01", + "name": "[parameters('privateEndpointName')]" + }, + "privateDnsZoneGroup": { "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups", "apiVersion": "2023-11-01", "name": "[format('{0}/{1}', parameters('privateEndpointName'), parameters('name'))]", "properties": { - "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigs')]" - } + "privateDnsZoneConfigs": "[variables('privateDnsZoneConfigsVar')]" + }, + "dependsOn": [ + "privateEndpoint" + ] } - ], + }, "outputs": { "name": { "type": "string", @@ -1437,6 +1530,13 @@ }, "value": "[reference('privateEndpoint').customDnsConfigs]" }, + "networkInterfaceIds": { + "type": "array", + "metadata": { + "description": "The IDs of the network interfaces associated with the private endpoint." + }, + "value": "[reference('privateEndpoint').networkInterfaces]" + }, "groupId": { "type": "string", "metadata": { @@ -1467,7 +1567,9 @@ }, "mode": "Incremental", "parameters": { - "name": "[if(contains(parameters('sharedPrivateLinkResources')[copyIndex()], 'name'), createObject('value', parameters('sharedPrivateLinkResources')[copyIndex()].name), createObject('value', format('spl-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), parameters('sharedPrivateLinkResources')[copyIndex()].groupId, copyIndex())))]", + "name": { + "value": "[coalesce(tryGet(parameters('sharedPrivateLinkResources')[copyIndex()], 'name'), format('spl-{0}-{1}-{2}', last(split(resourceId('Microsoft.Search/searchServices', parameters('name')), '/')), parameters('sharedPrivateLinkResources')[copyIndex()].groupId, copyIndex()))]" + }, "searchServiceName": { "value": "[parameters('name')]" }, @@ -1624,6 +1726,22 @@ "description": "The location the resource was deployed into." }, "value": "[reference('searchService', '2024-03-01-preview', 'full').location]" + }, + "privateEndpoints": { + "type": "array", + "metadata": { + "description": "The private endpoints of the search service." + }, + "copy": { + "count": "[length(if(not(empty(parameters('privateEndpoints'))), array(parameters('privateEndpoints')), createArray()))]", + "input": { + "name": "[reference(format('searchService_privateEndpoints[{0}]', copyIndex())).outputs.name.value]", + "resourceId": "[reference(format('searchService_privateEndpoints[{0}]', copyIndex())).outputs.resourceId.value]", + "groupId": "[reference(format('searchService_privateEndpoints[{0}]', copyIndex())).outputs.groupId.value]", + "customDnsConfig": "[reference(format('searchService_privateEndpoints[{0}]', copyIndex())).outputs.customDnsConfig.value]", + "networkInterfaceIds": "[reference(format('searchService_privateEndpoints[{0}]', copyIndex())).outputs.networkInterfaceIds.value]" + } + } } } } \ No newline at end of file diff --git a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep index 1743c384cc..a453e91f9d 100644 --- a/avm/res/search/search-service/tests/e2e/pe/main.test.bicep +++ b/avm/res/search/search-service/tests/e2e/pe/main.test.bicep @@ -54,15 +54,19 @@ module testDeployment '../../../main.bicep' = { params: { name: '${namePrefix}${serviceShort}001' location: resourceLocation - publicNetworkAccess: 'disabled' + publicNetworkAccess: 'Disabled' privateEndpoints: [ { applicationSecurityGroupResourceIds: [ nestedDependencies.outputs.applicationSecurityGroupResourceId ] - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } subnetResourceId: nestedDependencies.outputs.subnetResourceId tags: { Environment: 'Non-Prod' @@ -70,9 +74,13 @@ module testDeployment '../../../main.bicep' = { } } { - privateDnsZoneResourceIds: [ - nestedDependencies.outputs.privateDNSZoneResourceId - ] + privateDnsZoneGroup: { + privateDnsZoneGroupConfigs: [ + { + privateDnsZoneResourceId: nestedDependencies.outputs.privateDNSZoneResourceId + } + ] + } subnetResourceId: nestedDependencies.outputs.subnetResourceId } ] diff --git a/avm/res/search/search-service/version.json b/avm/res/search/search-service/version.json index a8eda31021..e42c3d9e5f 100644 --- a/avm/res/search/search-service/version.json +++ b/avm/res/search/search-service/version.json @@ -1,6 +1,6 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.5", + "version": "0.6", "pathFilters": [ "./main.json" ] diff --git a/avm/res/web/site/README.md b/avm/res/web/site/README.md index 42a3092c6d..5d36f822dd 100644 --- a/avm/res/web/site/README.md +++ b/avm/res/web/site/README.md @@ -2070,6 +2070,7 @@ module site 'br/public:avm/res/web/site:' = { | [`location`](#parameter-location) | string | Location for all Resources. | | [`lock`](#parameter-lock) | object | The lock settings of the service. | | [`logsConfiguration`](#parameter-logsconfiguration) | object | The logs settings configuration. | +| [`managedEnvironmentId`](#parameter-managedenvironmentid) | string | Azure Resource Manager ID of the customers selected Managed Environment on which to host this app. | | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | | [`msDeployConfiguration`](#parameter-msdeployconfiguration) | object | The extension MSDeployment configuration. | | [`privateEndpoints`](#parameter-privateendpoints) | array | Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. | @@ -2105,6 +2106,7 @@ Type of site to deploy. 'functionapp' 'functionapp,linux' 'functionapp,linux,container' + 'functionapp,linux,container,azurecontainerapps' 'functionapp,workflowapp' 'functionapp,workflowapp,linux' 'linux,api' @@ -2477,6 +2479,13 @@ The logs settings configuration. - Required: No - Type: object +### Parameter: `managedEnvironmentId` + +Azure Resource Manager ID of the customers selected Managed Environment on which to host this app. + +- Required: No +- Type: string + ### Parameter: `managedIdentities` The managed identity definition for this resource. diff --git a/avm/res/web/site/config--appsettings/README.md b/avm/res/web/site/config--appsettings/README.md index 4cf7e5f745..e62f230e72 100644 --- a/avm/res/web/site/config--appsettings/README.md +++ b/avm/res/web/site/config--appsettings/README.md @@ -57,6 +57,7 @@ Type of site to deploy. 'functionapp' 'functionapp,linux' 'functionapp,linux,container' + 'functionapp,linux,container,azurecontainerapps' 'functionapp,workflowapp' 'functionapp,workflowapp,linux' 'linux,api' diff --git a/avm/res/web/site/config--appsettings/main.bicep b/avm/res/web/site/config--appsettings/main.bicep index 2673285a59..2f770a7774 100644 --- a/avm/res/web/site/config--appsettings/main.bicep +++ b/avm/res/web/site/config--appsettings/main.bicep @@ -12,6 +12,7 @@ param appName string 'functionapp,workflowapp' // logic app workflow 'functionapp,workflowapp,linux' // logic app docker container 'functionapp,linux,container' // function app linux container + 'functionapp,linux,container,azurecontainerapps' // function app linux container azure container apps 'app,linux' // linux web app 'app' // windows web app 'linux,api' // linux api app diff --git a/avm/res/web/site/config--appsettings/main.json b/avm/res/web/site/config--appsettings/main.json index 3d310d7e2c..c59a554e2a 100644 --- a/avm/res/web/site/config--appsettings/main.json +++ b/avm/res/web/site/config--appsettings/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "12675357375151621299" + "templateHash": "8777070640548664577" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting.", @@ -27,6 +27,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", diff --git a/avm/res/web/site/config--authsettingsv2/README.md b/avm/res/web/site/config--authsettingsv2/README.md index 5894836b3f..ac501db552 100644 --- a/avm/res/web/site/config--authsettingsv2/README.md +++ b/avm/res/web/site/config--authsettingsv2/README.md @@ -55,6 +55,7 @@ Type of site to deploy. 'functionapp' 'functionapp,linux' 'functionapp,linux,container' + 'functionapp,linux,container,azurecontainerapps' 'functionapp,workflowapp' 'functionapp,workflowapp,linux' 'linux,api' diff --git a/avm/res/web/site/config--authsettingsv2/main.bicep b/avm/res/web/site/config--authsettingsv2/main.bicep index 3466c630fd..d5e2466c41 100644 --- a/avm/res/web/site/config--authsettingsv2/main.bicep +++ b/avm/res/web/site/config--authsettingsv2/main.bicep @@ -12,6 +12,7 @@ param appName string 'functionapp,workflowapp' // logic app workflow 'functionapp,workflowapp,linux' // logic app docker container 'functionapp,linux,container' // function app linux container + 'functionapp,linux,container,azurecontainerapps' // function app linux container azure container apps 'app,linux' // linux web app 'app' // windows web app 'linux,api' // linux api app diff --git a/avm/res/web/site/config--authsettingsv2/main.json b/avm/res/web/site/config--authsettingsv2/main.json index 597d41f573..88d23811d2 100644 --- a/avm/res/web/site/config--authsettingsv2/main.json +++ b/avm/res/web/site/config--authsettingsv2/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13561813663473459290" + "templateHash": "15126303852151434516" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -26,6 +26,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", diff --git a/avm/res/web/site/main.bicep b/avm/res/web/site/main.bicep index b790319f6d..94bb8d7f36 100644 --- a/avm/res/web/site/main.bicep +++ b/avm/res/web/site/main.bicep @@ -15,6 +15,7 @@ param location string = resourceGroup().location 'functionapp,workflowapp' // logic app workflow 'functionapp,workflowapp,linux' // logic app docker container 'functionapp,linux,container' // function app linux container + 'functionapp,linux,container,azurecontainerapps' // function app linux container azure container apps 'app,linux' // linux web app 'app' // windows web app 'linux,api' // linux api app @@ -27,6 +28,9 @@ param kind string @description('Required. The resource ID of the app service plan to use for the site.') param serverFarmResourceId string +@description('Optional. Azure Resource Manager ID of the customers selected Managed Environment on which to host this app.') +param managedEnvironmentId string? + @description('Optional. Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests.') param httpsOnly bool = true @@ -248,6 +252,7 @@ resource app 'Microsoft.Web/sites@2022-09-01' = { tags: tags identity: identity properties: { + managedEnvironmentId: !empty(managedEnvironmentId) ? managedEnvironmentId : null serverFarmId: serverFarmResourceId clientAffinityEnabled: clientAffinityEnabled httpsOnly: httpsOnly diff --git a/avm/res/web/site/main.json b/avm/res/web/site/main.json index 4fea6b57c4..f32bf97d77 100644 --- a/avm/res/web/site/main.json +++ b/avm/res/web/site/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "10365569853837835680" + "templateHash": "7467350205860855506" }, "name": "Web/Function Apps", "description": "This module deploys a Web or Function App.", @@ -474,6 +474,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -491,6 +492,13 @@ "description": "Required. The resource ID of the app service plan to use for the site." } }, + "managedEnvironmentId": { + "type": "string", + "nullable": true, + "metadata": { + "description": "Optional. Azure Resource Manager ID of the customers selected Managed Environment on which to host this app." + } + }, "httpsOnly": { "type": "bool", "defaultValue": true, @@ -836,6 +844,7 @@ "tags": "[parameters('tags')]", "identity": "[variables('identity')]", "properties": { + "managedEnvironmentId": "[if(not(empty(parameters('managedEnvironmentId'))), parameters('managedEnvironmentId'), null())]", "serverFarmId": "[parameters('serverFarmResourceId')]", "clientAffinityEnabled": "[parameters('clientAffinityEnabled')]", "httpsOnly": "[parameters('httpsOnly')]", @@ -976,7 +985,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "12675357375151621299" + "templateHash": "8777070640548664577" }, "name": "Site App Settings", "description": "This module deploys a Site App Setting.", @@ -997,6 +1006,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -1132,7 +1142,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13561813663473459290" + "templateHash": "15126303852151434516" }, "name": "Site Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -1153,6 +1163,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -1643,7 +1654,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "7829278659048205305" + "templateHash": "8134670421794628910" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -2117,6 +2128,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -2591,7 +2603,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13666935650242306720" + "templateHash": "7111332561212908044" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -2618,6 +2630,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -2766,7 +2779,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "4716088455151443747" + "templateHash": "3412962465179136371" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -2793,6 +2806,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -4915,4 +4929,4 @@ "value": "[reference('app').customDomainVerificationId]" } } -} \ No newline at end of file +} diff --git a/avm/res/web/site/slot/README.md b/avm/res/web/site/slot/README.md index de3466f19e..a283ad6bef 100644 --- a/avm/res/web/site/slot/README.md +++ b/avm/res/web/site/slot/README.md @@ -102,6 +102,7 @@ Type of site to deploy. 'functionapp' 'functionapp,linux' 'functionapp,linux,container' + 'functionapp,linux,container,azurecontainerapps' 'functionapp,workflowapp' 'functionapp,workflowapp,linux' 'linux,api' diff --git a/avm/res/web/site/slot/config--appsettings/README.md b/avm/res/web/site/slot/config--appsettings/README.md index 50d74670f4..8752b04ab3 100644 --- a/avm/res/web/site/slot/config--appsettings/README.md +++ b/avm/res/web/site/slot/config--appsettings/README.md @@ -58,6 +58,7 @@ Type of site to deploy. 'functionapp' 'functionapp,linux' 'functionapp,linux,container' + 'functionapp,linux,container,azurecontainerapps' 'functionapp,workflowapp' 'functionapp,workflowapp,linux' 'linux,api' diff --git a/avm/res/web/site/slot/config--appsettings/main.bicep b/avm/res/web/site/slot/config--appsettings/main.bicep index 2717a81c3e..74095161a8 100644 --- a/avm/res/web/site/slot/config--appsettings/main.bicep +++ b/avm/res/web/site/slot/config--appsettings/main.bicep @@ -15,6 +15,7 @@ param appName string 'functionapp,workflowapp' // logic app workflow 'functionapp,workflowapp,linux' // logic app docker container 'functionapp,linux,container' // function app linux container + 'functionapp,linux,container,azurecontainerapps' // function app linux container azure container apps 'app,linux' // linux web app 'app' // windows web app 'linux,api' // linux api app diff --git a/avm/res/web/site/slot/config--appsettings/main.json b/avm/res/web/site/slot/config--appsettings/main.json index 63d016017d..48ed22304b 100644 --- a/avm/res/web/site/slot/config--appsettings/main.json +++ b/avm/res/web/site/slot/config--appsettings/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13666935650242306720" + "templateHash": "7111332561212908044" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -33,6 +33,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", diff --git a/avm/res/web/site/slot/config--authsettingsv2/README.md b/avm/res/web/site/slot/config--authsettingsv2/README.md index d0f59777ba..16cb5fdc98 100644 --- a/avm/res/web/site/slot/config--authsettingsv2/README.md +++ b/avm/res/web/site/slot/config--authsettingsv2/README.md @@ -56,6 +56,7 @@ Type of site to deploy. 'functionapp' 'functionapp,linux' 'functionapp,linux,container' + 'functionapp,linux,container,azurecontainerapps' 'functionapp,workflowapp' 'functionapp,workflowapp,linux' 'linux,api' diff --git a/avm/res/web/site/slot/config--authsettingsv2/main.bicep b/avm/res/web/site/slot/config--authsettingsv2/main.bicep index 434eb52556..7b6b50f0a4 100644 --- a/avm/res/web/site/slot/config--authsettingsv2/main.bicep +++ b/avm/res/web/site/slot/config--authsettingsv2/main.bicep @@ -15,6 +15,7 @@ param slotName string 'functionapp,workflowapp' // logic app workflow 'functionapp,workflowapp,linux' // logic app docker container 'functionapp,linux,container' // function app linux container + 'functionapp,linux,container,azurecontainerapps' // function app linux container azure container apps 'app,linux' // linux web app 'app' // windows web app 'linux,api' // linux api app diff --git a/avm/res/web/site/slot/config--authsettingsv2/main.json b/avm/res/web/site/slot/config--authsettingsv2/main.json index d12274212c..489aa559b3 100644 --- a/avm/res/web/site/slot/config--authsettingsv2/main.json +++ b/avm/res/web/site/slot/config--authsettingsv2/main.json @@ -5,7 +5,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "4716088455151443747" + "templateHash": "3412962465179136371" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -32,6 +32,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", diff --git a/avm/res/web/site/slot/main.bicep b/avm/res/web/site/slot/main.bicep index b2a050a451..75b5dfb233 100644 --- a/avm/res/web/site/slot/main.bicep +++ b/avm/res/web/site/slot/main.bicep @@ -18,6 +18,7 @@ param location string = resourceGroup().location 'functionapp,workflowapp' // logic app workflow 'functionapp,workflowapp,linux' // logic app docker container 'functionapp,linux,container' // function app linux container + 'functionapp,linux,container,azurecontainerapps' // function app linux container azure container apps 'app,linux' // linux web app 'app' // windows web app 'linux,api' // linux api app diff --git a/avm/res/web/site/slot/main.json b/avm/res/web/site/slot/main.json index bfc274e743..f9a5b7f974 100644 --- a/avm/res/web/site/slot/main.json +++ b/avm/res/web/site/slot/main.json @@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "7829278659048205305" + "templateHash": "8134670421794628910" }, "name": "Web/Function App Deployment Slots", "description": "This module deploys a Web or Function App Deployment Slot.", @@ -480,6 +480,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -954,7 +955,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "13666935650242306720" + "templateHash": "7111332561212908044" }, "name": "Site Slot App Settings", "description": "This module deploys a Site Slot App Setting.", @@ -981,6 +982,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -1129,7 +1131,7 @@ "_generator": { "name": "bicep", "version": "0.29.47.4906", - "templateHash": "4716088455151443747" + "templateHash": "3412962465179136371" }, "name": "Site Slot Auth Settings V2 Config", "description": "This module deploys a Site Auth Settings V2 Configuration.", @@ -1156,6 +1158,7 @@ "functionapp,workflowapp", "functionapp,workflowapp,linux", "functionapp,linux,container", + "functionapp,linux,container,azurecontainerapps", "app,linux", "app", "linux,api", @@ -2278,4 +2281,4 @@ "value": "[reference('slot', '2022-09-01', 'full').location]" } } -} \ No newline at end of file +} diff --git a/avm/res/web/site/version.json b/avm/res/web/site/version.json index a8eda31021..9ed3662aba 100644 --- a/avm/res/web/site/version.json +++ b/avm/res/web/site/version.json @@ -1,7 +1,7 @@ { "$schema": "https://aka.ms/bicep-registry-module-version-file-schema#", - "version": "0.5", + "version": "0.6", "pathFilters": [ "./main.json" ] -} \ No newline at end of file +}