Merge branch 'Azure:main' into main

hundredacres · Jul 16, 2024 · a08709e · a08709e
2 parents f58e8c9 + 9ce1720
commit a08709e
Show file tree

Hide file tree

Showing 35 changed files with 1,479 additions and 161 deletions.
diff --git a/.editorconfig b/.editorconfig
@@ -6,3 +6,9 @@ end_of_line = lf
 insert_final_newline = true
 indent_style = space
 indent_size = 2
+
+[*.ps1]
+indent_size = 4
+indent_style = space
+insert_final_newline = = true
+charset = utf-8-bom
diff --git a/.github/workflows/avm.ptn.lz.sub-vending.yml b/.github/workflows/avm.ptn.lz.sub-vending.yml
@@ -27,6 +27,7 @@ on:
       - ".github/workflows/avm.ptn.lz.sub-vending"
       - "avm/ptn/lz/sub-vending/**"
       - "avm/utilities/pipelines/**"
+      - "!avm/utilities/pipelines/platform/**"
       - "!*/**/README.md"
 
 env:

diff --git a/.github/workflows/platform.ossf-scorecard.yml b/.github/workflows/platform.ossf-scorecard.yml
@@ -68,6 +68,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard (optional).
       # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12
         with:
           sarif_file: results.sarif
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
@@ -1,3 +1,7 @@
 {
-  "recommendations": ["esbenp.prettier-vscode"]
-}
+  "recommendations": [
+    "esbenp.prettier-vscode",
+    "editorconfig.editorconfig",
+    "ms-vscode.powershell"
+  ]
+}
diff --git a/avm/res/net-app/net-app-account/README.md b/avm/res/net-app/net-app-account/README.md
@@ -17,9 +17,12 @@ This module deploys an Azure NetApp File.
 | :-- | :-- |
 | `Microsoft.Authorization/locks` | [2020-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-05-01/locks) |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.NetApp/netAppAccounts` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts) |
-| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools) |
-| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools/volumes) |
+| `Microsoft.NetApp/netAppAccounts` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts) |
+| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-11-01/netAppAccounts/backupPolicies) |
+| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults) |
+| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults/backups) |
+| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools) |
+| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools/volumes) |
 
 ## Usage examples
 
@@ -123,6 +126,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
               }
             ]
             name: 'nanaamax-vol-001'
+            networkFeatures: 'Standard'
             protocolTypes: [
               'NFSv4.1'
             ]
@@ -135,6 +139,9 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
             ]
             subnetResourceId: '<subnetResourceId>'
             usageThreshold: 107374182400
+            zones: [
+              '1'
+            ]
           }
           {
             exportPolicyRules: [
@@ -148,11 +155,15 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
               }
             ]
             name: 'nanaamax-vol-002'
+            networkFeatures: 'Standard'
             protocolTypes: [
               'NFSv4.1'
             ]
             subnetResourceId: '<subnetResourceId>'
             usageThreshold: 107374182400
+            zones: [
+              '1'
+            ]
           }
         ]
       }
@@ -249,6 +260,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
                 }
               ],
               "name": "nanaamax-vol-001",
+              "networkFeatures": "Standard",
               "protocolTypes": [
                 "NFSv4.1"
               ],
@@ -260,7 +272,10 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
                 }
               ],
               "subnetResourceId": "<subnetResourceId>",
-              "usageThreshold": 107374182400
+              "usageThreshold": 107374182400,
+              "zones": [
+                "1"
+              ]
             },
             {
               "exportPolicyRules": [
@@ -274,11 +289,15 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
                 }
               ],
               "name": "nanaamax-vol-002",
+              "networkFeatures": "Standard",
               "protocolTypes": [
                 "NFSv4.1"
               ],
               "subnetResourceId": "<subnetResourceId>",
-              "usageThreshold": 107374182400
+              "usageThreshold": 107374182400,
+              "zones": [
+                "1"
+              ]
             }
           ]
         },
@@ -385,6 +404,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
               }
             ]
             name: 'nanaanfs3-vol-001'
+            networkFeatures: 'Standard'
             protocolTypes: [
               'NFSv3'
             ]
@@ -397,14 +417,21 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
             ]
             subnetResourceId: '<subnetResourceId>'
             usageThreshold: 107374182400
+            zones: [
+              '1'
+            ]
           }
           {
             name: 'nanaanfs3-vol-002'
+            networkFeatures: 'Standard'
             protocolTypes: [
               'NFSv3'
             ]
             subnetResourceId: '<subnetResourceId>'
             usageThreshold: 107374182400
+            zones: [
+              '1'
+            ]
           }
         ]
       }
@@ -500,6 +527,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
                 }
               ],
               "name": "nanaanfs3-vol-001",
+              "networkFeatures": "Standard",
               "protocolTypes": [
                 "NFSv3"
               ],
@@ -511,15 +539,22 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
                 }
               ],
               "subnetResourceId": "<subnetResourceId>",
-              "usageThreshold": 107374182400
+              "usageThreshold": 107374182400,
+              "zones": [
+                "1"
+              ]
             },
             {
               "name": "nanaanfs3-vol-002",
+              "networkFeatures": "Standard",
               "protocolTypes": [
                 "NFSv3"
               ],
               "subnetResourceId": "<subnetResourceId>",
-              "usageThreshold": 107374182400
+              "usageThreshold": 107374182400,
+              "zones": [
+                "1"
+              ]
             }
           ]
         },
@@ -601,6 +636,9 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
     name: 'nanaawaf001'
     // Non-required parameters
     location: '<location>'
+    tags: {
+      service: 'netapp'
+    }
   }
 }
 ```
@@ -624,6 +662,11 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
     // Non-required parameters
     "location": {
       "value": "<location>"
+    },
+    "tags": {
+      "value": {
+        "service": "netapp"
+      }
     }
   }
 }
@@ -645,6 +688,7 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
 
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
+| [`adName`](#parameter-adname) | string | Name of the active directory host as part of Kerberos Realm used for Kerberos authentication. |
 | [`aesEncryption`](#parameter-aesencryption) | bool | Enable AES encryption on the SMB Server. |
 | [`capacityPools`](#parameter-capacitypools) | array | Capacity pools to create. |
 | [`customerManagedKey`](#parameter-customermanagedkey) | object | The customer managed key definition. |
@@ -654,11 +698,15 @@ module netAppAccount 'br/public:avm/res/net-app/net-app-account:<version>' = {
 | [`domainJoinUser`](#parameter-domainjoinuser) | string | Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. |
 | [`domainName`](#parameter-domainname) | string | Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). |
 | [`enableTelemetry`](#parameter-enabletelemetry) | bool | Enable/Disable usage telemetry for module. |
+| [`encryptDCConnections`](#parameter-encryptdcconnections) | bool | Specifies whether encryption should be used for communication between SMB server and domain controller (DC). SMB3 only. |
+| [`kdcIP`](#parameter-kdcip) | string | Kerberos Key Distribution Center (KDC) as part of Kerberos Realm used for Kerberos authentication. |
+| [`ldapOverTLS`](#parameter-ldapovertls) | bool | Specifies whether to use TLS when NFS (with/without Kerberos) and SMB volumes communicate with an LDAP server. A server root CA certificate must be uploaded if enabled (serverRootCACertificate). |
 | [`ldapSigning`](#parameter-ldapsigning) | bool | Specifies whether or not the LDAP traffic needs to be signed. |
 | [`location`](#parameter-location) | string | Location for all resources. |
 | [`lock`](#parameter-lock) | object | The lock settings of the service. |
 | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. |
 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. |
+| [`serverRootCACertificate`](#parameter-serverrootcacertificate) | string | A server Root certificate is required of ldapOverTLS is enabled. |
 | [`smbServerNamePrefix`](#parameter-smbservernameprefix) | string | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. |
 | [`tags`](#parameter-tags) | object | Tags for all resources. |
 
@@ -669,6 +717,14 @@ The name of the NetApp account.
 - Required: Yes
 - Type: string
 
+### Parameter: `adName`
+
+Name of the active directory host as part of Kerberos Realm used for Kerberos authentication.
+
+- Required: No
+- Type: string
+- Default: `''`
+
 ### Parameter: `aesEncryption`
 
 Enable AES encryption on the SMB Server.
@@ -782,6 +838,30 @@ Enable/Disable usage telemetry for module.
 - Type: bool
 - Default: `True`
 
+### Parameter: `encryptDCConnections`
+
+Specifies whether encryption should be used for communication between SMB server and domain controller (DC). SMB3 only.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
+### Parameter: `kdcIP`
+
+Kerberos Key Distribution Center (KDC) as part of Kerberos Realm used for Kerberos authentication.
+
+- Required: No
+- Type: string
+- Default: `''`
+
+### Parameter: `ldapOverTLS`
+
+Specifies whether to use TLS when NFS (with/without Kerberos) and SMB volumes communicate with an LDAP server. A server root CA certificate must be uploaded if enabled (serverRootCACertificate).
+
+- Required: No
+- Type: bool
+- Default: `False`
+
 ### Parameter: `ldapSigning`
 
 Specifies whether or not the LDAP traffic needs to be signed.
@@ -943,6 +1023,14 @@ The principal type of the assigned principal ID.
   ]
   ```
 
+### Parameter: `serverRootCACertificate`
+
+A server Root certificate is required of ldapOverTLS is enabled.
+
+- Required: No
+- Type: string
+- Default: `''`
+
 ### Parameter: `smbServerNamePrefix`
 
 Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes.
@@ -967,6 +1055,7 @@ Tags for all resources.
 | `name` | string | The name of the NetApp account. |
 | `resourceGroupName` | string | The name of the Resource Group the NetApp account was created in. |
 | `resourceId` | string | The Resource ID of the NetApp account. |
+| `volumeResourceId` | string | The resource IDs of the volume created in the capacity pool. |
 
 ## Cross-referenced modules
 

diff --git a/avm/res/net-app/net-app-account/capacity-pool/README.md b/avm/res/net-app/net-app-account/capacity-pool/README.md
@@ -15,8 +15,11 @@ This module deploys an Azure NetApp Files Capacity Pool.
 | Resource Type | API Version |
 | :-- | :-- |
 | `Microsoft.Authorization/roleAssignments` | [2022-04-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2022-04-01/roleAssignments) |
-| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools) |
-| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/netAppAccounts/capacityPools/volumes) |
+| `Microsoft.NetApp/netAppAccounts/backupPolicies` | [2023-11-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-11-01/netAppAccounts/backupPolicies) |
+| `Microsoft.NetApp/netAppAccounts/backupVaults` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults) |
+| `Microsoft.NetApp/netAppAccounts/backupVaults/backups` | [2023-05-01-preview](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-05-01-preview/netAppAccounts/backupVaults/backups) |
+| `Microsoft.NetApp/netAppAccounts/capacityPools` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools) |
+| `Microsoft.NetApp/netAppAccounts/capacityPools/volumes` | [2023-07-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.NetApp/2023-07-01/netAppAccounts/capacityPools/volumes) |
 
 ## Parameters
 
@@ -25,6 +28,7 @@ This module deploys an Azure NetApp Files Capacity Pool.
 | Parameter | Type | Description |
 | :-- | :-- | :-- |
 | [`name`](#parameter-name) | string | The name of the capacity pool. |
+| [`networkFeatures`](#parameter-networkfeatures) | string | Network features available to the volume, or current state of update (Basic/Standard). |
 | [`size`](#parameter-size) | int | Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). |
 
 **Conditional parameters**
@@ -53,6 +57,14 @@ The name of the capacity pool.
 - Required: Yes
 - Type: string
 
+### Parameter: `networkFeatures`
+
+Network features available to the volume, or current state of update (Basic/Standard).
+
+- Required: No
+- Type: string
+- Default: `'Standard'`
+
 ### Parameter: `size`
 
 Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104).
@@ -243,6 +255,7 @@ List of volumnes to create in the capacity pool.
 | `name` | string | The name of the Capacity Pool. |
 | `resourceGroupName` | string | The name of the Resource Group the Capacity Pool was created in. |
 | `resourceId` | string | The resource ID of the Capacity Pool. |
+| `volumeResourceId` | string | The resource IDs of the volume created in the capacity pool. |
 
 ## Cross-referenced modules