From 761f3608799a8e7946c658cb56a588f61faacf3d Mon Sep 17 00:00:00 2001 From: Alexander Sehr Date: Mon, 27 Nov 2023 10:42:27 +0100 Subject: [PATCH] [Utilities] Ported 2 AVM Updates back to CARML (#4263) * Performance Update 1 * ReadMe Recursion Update * Generated KeyVault ReadMes for review * Regenerated docs --- modules/aad/domain-service/README.md | 230 ++- modules/analysis-services/server/README.md | 203 +- modules/api-management/service/README.md | 266 +-- .../service/api-version-set/README.md | 4 + modules/api-management/service/api/README.md | 68 +- .../service/api/policy/README.md | 18 +- .../service/authorization-server/README.md | 74 +- .../api-management/service/backend/README.md | 36 +- .../api-management/service/cache/README.md | 39 +- .../service/identity-provider/README.md | 50 +- .../service/named-value/README.md | 28 +- .../api-management/service/policy/README.md | 17 +- .../service/portalsetting/README.md | 30 +- .../api-management/service/product/README.md | 23 +- .../service/product/api/README.md | 24 +- .../service/product/group/README.md | 24 +- .../service/subscription/README.md | 31 +- .../configuration-store/README.md | 478 +++-- .../configuration-store/key-value/README.md | 30 +- modules/app/container-app/README.md | 181 +- modules/app/job/README.md | 157 +- modules/app/managed-environment/README.md | 159 +- modules/authorization/lock/README.md | 20 +- .../lock/resource-group/README.md | 18 +- .../authorization/lock/subscription/README.md | 18 +- .../authorization/policy-assignment/README.md | 43 +- .../management-group/README.md | 41 +- .../resource-group/README.md | 42 +- .../policy-assignment/subscription/README.md | 41 +- .../authorization/policy-definition/README.md | 35 +- .../management-group/README.md | 33 +- .../policy-definition/subscription/README.md | 33 +- .../authorization/policy-exemption/README.md | 39 +- .../management-group/README.md | 36 +- .../policy-exemption/resource-group/README.md | 35 +- .../policy-exemption/subscription/README.md | 36 +- .../policy-set-definition/README.md | 35 +- .../management-group/README.md | 33 +- .../subscription/README.md | 33 +- .../authorization/role-assignment/README.md | 36 +- .../management-group/README.md | 34 +- .../role-assignment/resource-group/README.md | 34 +- .../role-assignment/subscription/README.md | 34 +- .../authorization/role-definition/README.md | 24 +- .../management-group/README.md | 20 +- .../role-definition/resource-group/README.md | 22 +- .../role-definition/subscription/README.md | 22 +- .../automation/automation-account/README.md | 482 +++-- .../automation-account/job-schedule/README.md | 39 +- .../automation-account/module/README.md | 31 +- .../automation-account/runbook/README.md | 68 +- .../automation-account/schedule/README.md | 41 +- .../software-update-configuration/README.md | 148 +- .../automation-account/variable/README.md | 30 +- modules/batch/batch-account/README.md | 494 +++-- modules/cache/redis-enterprise/README.md | 411 ++-- .../cache/redis-enterprise/database/README.md | 87 +- modules/cache/redis/README.md | 459 +++-- modules/cdn/profile/README.md | 189 +- modules/cdn/profile/afdEndpoint/README.md | 32 +- .../cdn/profile/afdEndpoint/route/README.md | 53 +- modules/cdn/profile/customdomain/README.md | 58 +- modules/cdn/profile/endpoint/README.md | 40 +- modules/cdn/profile/endpoint/origin/README.md | 94 +- modules/cdn/profile/origingroup/README.md | 36 +- .../cdn/profile/origingroup/origin/README.md | 61 +- modules/cdn/profile/ruleset/README.md | 18 +- modules/cdn/profile/ruleset/rule/README.md | 50 +- modules/cdn/profile/secret/README.md | 54 +- modules/cognitive-services/account/README.md | 557 +++--- modules/compute/availability-set/README.md | 122 +- modules/compute/disk-encryption-set/README.md | 162 +- modules/compute/disk/README.md | 200 +- modules/compute/gallery/README.md | 121 +- modules/compute/gallery/application/README.md | 115 +- modules/compute/gallery/image/README.md | 130 +- modules/compute/image/README.md | 131 +- .../proximity-placement-group/README.md | 122 +- modules/compute/ssh-public-key/README.md | 119 +- .../virtual-machine-scale-set/README.md | 1125 ++++++----- .../extension/README.md | 72 +- modules/compute/virtual-machine/README.md | 1760 +++++++++-------- .../virtual-machine/extension/README.md | 74 +- modules/consumption/budget/README.md | 60 +- .../container-group/README.md | 118 +- modules/container-registry/registry/README.md | 491 +++-- .../registry/cache-rules/README.md | 30 +- .../registry/replication/README.md | 31 +- .../registry/webhook/README.md | 34 +- .../managed-cluster/README.md | 373 ++-- .../managed-cluster/agent-pool/README.md | 61 +- modules/data-factory/factory/README.md | 485 +++-- .../factory/integration-runtime/README.md | 44 +- .../factory/managed-virtual-network/README.md | 16 +- .../managed-private-endpoint/README.md | 33 +- .../data-protection/backup-vault/README.md | 134 +- .../backup-vault/backup-policy/README.md | 4 + modules/databricks/access-connector/README.md | 132 +- modules/databricks/workspace/README.md | 490 +++-- .../db-for-my-sql/flexible-server/README.md | 427 ++-- .../flexible-server/administrator/README.md | 45 +- .../flexible-server/database/README.md | 30 +- .../flexible-server/firewall-rule/README.md | 29 +- .../flexible-server/README.md | 360 ++-- .../flexible-server/administrator/README.md | 47 +- .../flexible-server/configuration/README.md | 28 +- .../flexible-server/database/README.md | 30 +- .../flexible-server/firewall-rule/README.md | 29 +- .../application-group/README.md | 201 +- .../application-group/application/README.md | 47 +- .../host-pool/README.md | 223 ++- .../scaling-plan/README.md | 168 +- .../workspace/README.md | 187 +- modules/dev-test-lab/lab/README.md | 176 +- .../dev-test-lab/lab/artifactsource/README.md | 62 +- modules/dev-test-lab/lab/cost/README.md | 57 +- .../lab/notificationchannel/README.md | 75 +- .../lab/policyset/policy/README.md | 71 +- modules/dev-test-lab/lab/schedule/README.md | 77 +- .../dev-test-lab/lab/virtualnetwork/README.md | 44 +- .../digital-twins-instance/README.md | 448 +++-- .../endpoint--event-grid/README.md | 43 +- .../endpoint--event-hub/README.md | 50 +- .../endpoint--service-bus/README.md | 50 +- .../document-db/database-account/README.md | 473 +++-- .../gremlin-database/README.md | 19 +- .../gremlin-database/graph/README.md | 31 +- .../mongodb-database/README.md | 28 +- .../mongodb-database/collection/README.md | 45 +- .../database-account/sql-database/README.md | 31 +- .../sql-database/container/README.md | 50 +- modules/event-grid/domain/README.md | 435 ++-- modules/event-grid/domain/topic/README.md | 16 +- modules/event-grid/system-topic/README.md | 241 +-- .../system-topic/event-subscription/README.md | 49 +- modules/event-grid/topic/README.md | 433 ++-- .../topic/event-subscription/README.md | 49 +- modules/event-hub/namespace/README.md | 485 +++-- .../namespace/authorization-rule/README.md | 18 +- .../disaster-recovery-config/README.md | 18 +- .../event-hub/namespace/eventhub/README.md | 146 +- .../eventhub/authorization-rule/README.md | 25 +- .../eventhub/consumergroup/README.md | 25 +- .../namespace/network-rule-set/README.md | 19 +- modules/health-bot/health-bot/README.md | 147 +- modules/healthcare-apis/workspace/README.md | 122 +- .../workspace/dicomservice/README.md | 154 +- .../workspace/fhirservice/README.md | 246 ++- .../workspace/iotconnector/README.md | 183 +- .../iotconnector/fhirdestination/README.md | 46 +- modules/insights/action-group/README.md | 119 +- modules/insights/activity-log-alert/README.md | 112 +- modules/insights/component/README.md | 196 +- .../data-collection-endpoint/README.md | 120 +- .../insights/data-collection-rule/README.md | 151 +- modules/insights/diagnostic-setting/README.md | 33 +- modules/insights/metric-alert/README.md | 147 +- modules/insights/private-link-scope/README.md | 349 ++-- .../scoped-resource/README.md | 18 +- .../insights/scheduled-query-rule/README.md | 133 +- modules/insights/webtest/README.md | 166 +- modules/key-vault/vault/README.md | 444 +++-- .../key-vault/vault/access-policy/README.md | 15 +- modules/key-vault/vault/key/README.md | 115 +- modules/key-vault/vault/secret/README.md | 124 +- .../extension/README.md | 78 +- .../flux-configuration/README.md | 82 +- modules/logic/workflow/README.md | 229 ++- .../workspace/README.md | 553 +++--- .../workspace/compute/README.md | 65 +- .../maintenance-configuration/README.md | 124 +- .../user-assigned-identity/README.md | 107 +- .../federated-identity-credential/README.md | 20 +- .../registration-definition/README.md | 35 +- modules/management/management-group/README.md | 17 +- modules/net-app/net-app-account/README.md | 135 +- .../net-app-account/capacity-pool/README.md | 126 +- .../capacity-pool/volume/README.md | 138 +- .../README.md | 19 +- modules/network/application-gateway/README.md | 477 +++-- .../application-security-group/README.md | 118 +- modules/network/azure-firewall/README.md | 257 +-- modules/network/bastion-host/README.md | 206 +- modules/network/connection/README.md | 68 +- .../network/ddos-protection-plan/README.md | 118 +- .../network/dns-forwarding-ruleset/README.md | 121 +- .../forwarding-rule/README.md | 40 +- .../virtual-network-link/README.md | 17 +- modules/network/dns-resolver/README.md | 133 +- modules/network/dns-zone/README.md | 128 +- modules/network/dns-zone/a/README.md | 108 +- modules/network/dns-zone/aaaa/README.md | 108 +- modules/network/dns-zone/caa/README.md | 107 +- modules/network/dns-zone/cname/README.md | 108 +- modules/network/dns-zone/mx/README.md | 97 +- modules/network/dns-zone/ns/README.md | 97 +- modules/network/dns-zone/ptr/README.md | 97 +- modules/network/dns-zone/soa/README.md | 97 +- modules/network/dns-zone/srv/README.md | 97 +- modules/network/dns-zone/txt/README.md | 97 +- .../network/express-route-circuit/README.md | 252 +-- .../network/express-route-gateway/README.md | 135 +- modules/network/firewall-policy/README.md | 46 +- .../rule-collection-group/README.md | 31 +- .../README.md | 122 +- modules/network/front-door/README.md | 253 +-- modules/network/ip-group/README.md | 119 +- modules/network/load-balancer/README.md | 195 +- .../backend-address-pool/README.md | 31 +- .../load-balancer/inbound-nat-rule/README.md | 61 +- .../network/local-network-gateway/README.md | 148 +- modules/network/nat-gateway/README.md | 124 +- modules/network/network-interface/README.md | 196 +- modules/network/network-manager/README.md | 155 +- .../connectivity-configuration/README.md | 47 +- .../network-manager/network-group/README.md | 29 +- .../network-group/static-member/README.md | 27 +- .../scope-connection/README.md | 42 +- .../security-admin-configuration/README.md | 30 +- .../rule-collection/README.md | 43 +- .../rule-collection/rule/README.md | 80 +- .../network/network-security-group/README.md | 186 +- .../security-rule/README.md | 114 +- modules/network/network-watcher/README.md | 108 +- .../connection-monitor/README.md | 21 +- .../network-watcher/flow-log/README.md | 36 +- modules/network/private-dns-zone/README.md | 127 +- modules/network/private-dns-zone/a/README.md | 109 +- .../network/private-dns-zone/aaaa/README.md | 109 +- .../network/private-dns-zone/cname/README.md | 109 +- modules/network/private-dns-zone/mx/README.md | 109 +- .../network/private-dns-zone/ptr/README.md | 109 +- .../network/private-dns-zone/soa/README.md | 109 +- .../network/private-dns-zone/srv/README.md | 109 +- .../network/private-dns-zone/txt/README.md | 109 +- .../virtual-network-link/README.md | 31 +- modules/network/private-endpoint/README.md | 216 +- .../private-dns-zone-group/README.md | 28 +- .../network/private-link-service/README.md | 125 +- modules/network/public-ip-address/README.md | 210 +- modules/network/public-ip-prefix/README.md | 132 +- modules/network/route-table/README.md | 120 +- .../network/service-endpoint-policy/README.md | 121 +- .../network/trafficmanagerprofile/README.md | 219 +- modules/network/virtual-hub/README.md | 67 +- .../virtual-hub/hub-route-table/README.md | 29 +- .../hub-virtual-network-connection/README.md | 42 +- .../network/virtual-network-gateway/README.md | 391 ++-- .../nat-rule/README.md | 32 +- modules/network/virtual-network/README.md | 208 +- .../network/virtual-network/subnet/README.md | 106 +- .../virtual-network-peering/README.md | 33 +- modules/network/virtual-wan/README.md | 122 +- modules/network/vpn-gateway/README.md | 58 +- .../network/vpn-gateway/nat-rule/README.md | 32 +- .../vpn-gateway/vpn-connection/README.md | 41 +- modules/network/vpn-site/README.md | 138 +- .../operational-insights/workspace/README.md | 242 ++- .../workspace/data-export/README.md | 30 +- .../workspace/data-source/README.md | 80 +- .../workspace/linked-service/README.md | 32 +- .../linked-storage-account/README.md | 30 +- .../workspace/saved-search/README.md | 47 +- .../storage-insight-config/README.md | 31 +- .../workspace/table/README.md | 33 +- .../operations-management/solution/README.md | 30 +- modules/policy-insights/remediation/README.md | 37 +- .../remediation/management-group/README.md | 34 +- .../remediation/resource-group/README.md | 34 +- .../remediation/subscription/README.md | 34 +- modules/power-bi-dedicated/capacity/README.md | 147 +- modules/purview/account/README.md | 217 +- modules/recovery-services/vault/README.md | 454 +++-- .../vault/backup-config/README.md | 22 +- .../protection-container/README.md | 33 +- .../protected-item/README.md | 42 +- .../vault/backup-policy/README.md | 18 +- .../vault/backup-storage-config/README.md | 17 +- .../vault/replication-alert-setting/README.md | 18 +- .../vault/replication-fabric/README.md | 31 +- .../README.md | 31 +- .../README.md | 46 +- .../vault/replication-policy/README.md | 31 +- modules/relay/namespace/README.md | 435 ++-- .../namespace/authorization-rule/README.md | 18 +- .../namespace/hybrid-connection/README.md | 144 +- .../authorization-rule/README.md | 25 +- .../namespace/network-rule-set/README.md | 17 +- modules/relay/namespace/wcf-relay/README.md | 160 +- .../wcf-relay/authorization-rule/README.md | 31 +- modules/resource-graph/query/README.md | 132 +- modules/resources/deployment-script/README.md | 78 +- modules/resources/resource-group/README.md | 119 +- modules/resources/tags/README.md | 6 + .../resources/tags/resource-group/README.md | 3 + modules/resources/tags/subscription/README.md | 4 + modules/search/search-service/README.md | 450 +++-- .../shared-private-link-resource/README.md | 33 +- .../security/azure-security-center/README.md | 45 +- modules/service-bus/namespace/README.md | 486 +++-- .../namespace/authorization-rule/README.md | 18 +- .../disaster-recovery-config/README.md | 17 +- .../migration-configuration/README.md | 28 +- .../namespace/network-rule-set/README.md | 19 +- modules/service-bus/namespace/queue/README.md | 146 +- .../queue/authorization-rule/README.md | 19 +- modules/service-bus/namespace/topic/README.md | 141 +- .../topic/authorization-rule/README.md | 31 +- modules/service-fabric/cluster/README.md | 202 +- .../cluster/application-type/README.md | 16 +- modules/signal-r-service/signal-r/README.md | 361 ++-- .../signal-r-service/web-pub-sub/README.md | 370 ++-- modules/sql/managed-instance/README.md | 269 +-- .../managed-instance/administrator/README.md | 27 +- .../sql/managed-instance/database/README.md | 212 +- .../README.md | 32 +- .../README.md | 27 +- .../encryption-protector/README.md | 29 +- modules/sql/managed-instance/key/README.md | 23 +- .../security-alert-policy/README.md | 29 +- .../vulnerability-assessment/README.md | 45 +- modules/sql/server/README.md | 391 ++-- modules/sql/server/database/README.md | 137 +- .../README.md | 19 +- .../README.md | 17 +- modules/sql/server/elastic-pool/README.md | 40 +- .../sql/server/encryption-protector/README.md | 29 +- modules/sql/server/firewall-rule/README.md | 29 +- modules/sql/server/key/README.md | 29 +- .../server/security-alert-policy/README.md | 34 +- .../sql/server/virtual-network-rule/README.md | 37 +- .../server/vulnerability-assessment/README.md | 45 +- modules/storage/storage-account/README.md | 490 +++-- .../storage-account/blob-service/README.md | 112 +- .../blob-service/container/README.md | 115 +- .../container/immutability-policy/README.md | 30 +- .../storage-account/file-service/README.md | 100 +- .../file-service/share/README.md | 123 +- .../storage-account/local-user/README.md | 63 +- .../management-policy/README.md | 17 +- .../storage-account/queue-service/README.md | 97 +- .../queue-service/queue/README.md | 109 +- .../storage-account/table-service/README.md | 97 +- .../table-service/table/README.md | 17 +- modules/synapse/private-link-hub/README.md | 348 ++-- modules/synapse/workspace/README.md | 504 +++-- .../workspace/integration-runtime/README.md | 19 +- modules/synapse/workspace/key/README.md | 34 +- .../image-template/README.md | 180 +- modules/web/connection/README.md | 137 +- modules/web/hosting-environment/README.md | 255 ++- .../configuration--customdnssuffix/README.md | 23 +- .../configuration--networking/README.md | 18 +- modules/web/serverfarm/README.md | 209 +- modules/web/site/README.md | 521 +++-- .../README.md | 43 +- .../web/site/config--appsettings/README.md | 47 +- .../web/site/config--authsettingsv2/README.md | 30 +- .../relay/README.md | 17 +- modules/web/site/slot/README.md | 516 +++-- .../README.md | 54 +- .../site/slot/config--appsettings/README.md | 60 +- .../slot/config--authsettingsv2/README.md | 31 +- .../relay/README.md | 30 +- modules/web/static-site/README.md | 376 ++-- modules/web/static-site/config/README.md | 33 +- .../web/static-site/custom-domain/README.md | 29 +- .../web/static-site/linked-backend/README.md | 18 +- .../sharedScripts/Set-ModuleReadMe.ps1 | 357 ++-- utilities/tools/Test-ModuleLocally.ps1 | 2 +- 370 files changed, 26756 insertions(+), 17983 deletions(-) diff --git a/modules/aad/domain-service/README.md b/modules/aad/domain-service/README.md index a62f0857f9..fa2a33f667 100644 --- a/modules/aad/domain-service/README.md +++ b/modules/aad/domain-service/README.md @@ -330,9 +330,33 @@ module domainService 'br:bicep/modules/aad.domain-service:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`tlsV1`](#parameter-tlsv1) | string | The value is to enable clients making request using TLSv1. | +### Parameter: `domainName` + +The domain name specific to the Azure ADDS service. + +- Required: Yes +- Type: string + +### Parameter: `pfxCertificate` + +The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. + +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `pfxCertificatePassword` + +The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. + +- Required: No +- Type: securestring +- Default: `''` + ### Parameter: `additionalRecipients` The email recipient value to receive alerts. + - Required: No - Type: array - Default: `[]` @@ -340,94 +364,82 @@ The email recipient value to receive alerts. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -435,6 +447,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `domainConfigurationType` The value is to provide domain configuration type. + - Required: No - Type: string - Default: `'FullySynced'` @@ -446,15 +459,10 @@ The value is to provide domain configuration type. ] ``` -### Parameter: `domainName` - -The domain name specific to the Azure ADDS service. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -462,6 +470,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `externalAccess` The value is to enable the Secure LDAP for external services of Azure ADDS Services. + - Required: No - Type: string - Default: `'Enabled'` @@ -476,6 +485,7 @@ The value is to enable the Secure LDAP for external services of Azure ADDS Servi ### Parameter: `filteredSync` The value is to synchronize scoped users and groups. + - Required: No - Type: string - Default: `'Enabled'` @@ -483,6 +493,7 @@ The value is to synchronize scoped users and groups. ### Parameter: `kerberosArmoring` The value is to enable to provide a protected channel between the Kerberos client and the KDC. + - Required: No - Type: string - Default: `'Enabled'` @@ -497,6 +508,7 @@ The value is to enable to provide a protected channel between the Kerberos clien ### Parameter: `kerberosRc4Encryption` The value is to enable Kerberos requests that use RC4 encryption. + - Required: No - Type: string - Default: `'Enabled'` @@ -511,6 +523,7 @@ The value is to enable Kerberos requests that use RC4 encryption. ### Parameter: `ldaps` A flag to determine whether or not Secure LDAP is enabled or disabled. + - Required: No - Type: string - Default: `'Enabled'` @@ -525,6 +538,7 @@ A flag to determine whether or not Secure LDAP is enabled or disabled. ### Parameter: `location` The location to deploy the Azure ADDS Services. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -532,26 +546,35 @@ The location to deploy the Azure ADDS Services. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -559,6 +582,7 @@ Optional. Specify the name of lock. ### Parameter: `name` The name of the AADDS resource. Defaults to the domain name specific to the Azure ADDS service. + - Required: No - Type: string - Default: `[parameters('domainName')]` @@ -566,6 +590,7 @@ The name of the AADDS resource. Defaults to the domain name specific to the Azur ### Parameter: `notifyDcAdmins` The value is to notify the DC Admins. + - Required: No - Type: string - Default: `'Enabled'` @@ -580,6 +605,7 @@ The value is to notify the DC Admins. ### Parameter: `notifyGlobalAdmins` The value is to notify the Global Admins. + - Required: No - Type: string - Default: `'Enabled'` @@ -594,6 +620,7 @@ The value is to notify the Global Admins. ### Parameter: `ntlmV1` The value is to enable clients making request using NTLM v1. + - Required: No - Type: string - Default: `'Enabled'` @@ -605,23 +632,10 @@ The value is to enable clients making request using NTLM v1. ] ``` -### Parameter: `pfxCertificate` - -The certificate required to configure Secure LDAP. Should be a base64encoded representation of the certificate PFX file. Required if secure LDAP is enabled and must be valid more than 30 days. -- Required: No -- Type: securestring -- Default: `''` - -### Parameter: `pfxCertificatePassword` - -The password to decrypt the provided Secure LDAP certificate PFX file. Required if secure LDAP is enabled. -- Required: No -- Type: securestring -- Default: `''` - ### Parameter: `replicaSets` Additional replica set for the managed domain. + - Required: No - Type: array - Default: `[]` @@ -629,74 +643,96 @@ Additional replica set for the managed domain. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` The name of the SKU specific to Azure ADDS Services. + - Required: No - Type: string - Default: `'Standard'` @@ -712,6 +748,7 @@ The name of the SKU specific to Azure ADDS Services. ### Parameter: `syncNtlmPasswords` The value is to enable synchronized users to use NTLM authentication. + - Required: No - Type: string - Default: `'Enabled'` @@ -726,6 +763,7 @@ The value is to enable synchronized users to use NTLM authentication. ### Parameter: `syncOnPremPasswords` The value is to enable on-premises users to authenticate against managed domain. + - Required: No - Type: string - Default: `'Enabled'` @@ -740,12 +778,14 @@ The value is to enable on-premises users to authenticate against managed domain. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `tlsV1` The value is to enable clients making request using TLSv1. + - Required: No - Type: string - Default: `'Enabled'` diff --git a/modules/analysis-services/server/README.md b/modules/analysis-services/server/README.md index 88a08b2384..e98e2db197 100644 --- a/modules/analysis-services/server/README.md +++ b/modules/analysis-services/server/README.md @@ -430,117 +430,100 @@ module server 'br:bicep/modules/analysis-services.server:1.0.0' = { | [`skuName`](#parameter-skuname) | string | The SKU name of the Azure Analysis Services server to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Azure Analysis Services server to create. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -548,6 +531,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -555,6 +539,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `firewallSettings` The inbound firewall rules to define on the server. If not specified, firewall is disabled. + - Required: No - Type: object - Default: @@ -574,6 +559,7 @@ The inbound firewall rules to define on the server. If not specified, firewall i ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -581,107 +567,132 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the Azure Analysis Services server to create. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuCapacity` The total number of query replica scale-out instances. + - Required: No - Type: int - Default: `1` @@ -689,6 +700,7 @@ The total number of query replica scale-out instances. ### Parameter: `skuName` The SKU name of the Azure Analysis Services server to create. + - Required: No - Type: string - Default: `'S0'` @@ -696,6 +708,7 @@ The SKU name of the Azure Analysis Services server to create. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/api-management/service/README.md b/modules/api-management/service/README.md index fd30fb48ed..5e4a021247 100644 --- a/modules/api-management/service/README.md +++ b/modules/api-management/service/README.md @@ -895,9 +895,31 @@ module service 'br:bicep/modules/api-management.service:1.0.0' = { | [`virtualNetworkType`](#parameter-virtualnetworktype) | string | The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. | | [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | +### Parameter: `name` + +The name of the API Management service. + +- Required: Yes +- Type: string + +### Parameter: `publisherEmail` + +The email address of the owner of the service. + +- Required: Yes +- Type: string + +### Parameter: `publisherName` + +The name of the owner of the service. + +- Required: Yes +- Type: string + ### Parameter: `additionalLocations` Additional datacenter locations of the API Management service. + - Required: No - Type: array - Default: `[]` @@ -905,6 +927,7 @@ Additional datacenter locations of the API Management service. ### Parameter: `apis` APIs. + - Required: No - Type: array - Default: `[]` @@ -912,6 +935,7 @@ APIs. ### Parameter: `apiVersionSets` API Version Sets. + - Required: No - Type: array - Default: `[]` @@ -919,6 +943,7 @@ API Version Sets. ### Parameter: `authorizationServers` Authorization servers. + - Required: No - Type: secureObject - Default: `{}` @@ -926,6 +951,7 @@ Authorization servers. ### Parameter: `backends` Backends. + - Required: No - Type: array - Default: `[]` @@ -933,6 +959,7 @@ Backends. ### Parameter: `caches` Caches. + - Required: No - Type: array - Default: `[]` @@ -940,6 +967,7 @@ Caches. ### Parameter: `certificates` List of Certificates that need to be installed in the API Management service. Max supported certificates that can be installed is 10. + - Required: No - Type: array - Default: `[]` @@ -947,6 +975,7 @@ List of Certificates that need to be installed in the API Management service. Ma ### Parameter: `customProperties` Custom properties of the API Management service. + - Required: No - Type: object - Default: `{}` @@ -954,114 +983,90 @@ Custom properties of the API Management service. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1069,6 +1074,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableGateway` Property only valid for an API Management service deployed in multiple locations. This can be used to disable the gateway in master region. + - Required: No - Type: bool - Default: `False` @@ -1076,6 +1082,7 @@ Property only valid for an API Management service deployed in multiple locations ### Parameter: `enableClientCertificate` Property only meant to be used for Consumption SKU Service. This enforces a client certificate to be presented on each request to the gateway. This also enables the ability to authenticate the certificate in the policy on the gateway. + - Required: No - Type: bool - Default: `False` @@ -1083,6 +1090,7 @@ Property only meant to be used for Consumption SKU Service. This enforces a clie ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1090,6 +1098,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `hostnameConfigurations` Custom hostname configuration of the API Management service. + - Required: No - Type: array - Default: `[]` @@ -1097,6 +1106,7 @@ Custom hostname configuration of the API Management service. ### Parameter: `identityProviders` Identity providers. + - Required: No - Type: array - Default: `[]` @@ -1104,6 +1114,7 @@ Identity providers. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1111,26 +1122,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1138,25 +1158,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1164,19 +1186,15 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `minApiVersion` Limit control plane API calls to API Management service with version equal to or newer than this value. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the API Management service. -- Required: Yes -- Type: string - ### Parameter: `namedValues` Named values. + - Required: No - Type: array - Default: `[]` @@ -1184,6 +1202,7 @@ Named values. ### Parameter: `newGuidValue` Necessary to create a new GUID. + - Required: No - Type: string - Default: `[newGuid()]` @@ -1191,6 +1210,7 @@ Necessary to create a new GUID. ### Parameter: `notificationSenderEmail` The notification sender email address for the service. + - Required: No - Type: string - Default: `'apimgmt-noreply@mail.windowsazure.com'` @@ -1198,6 +1218,7 @@ The notification sender email address for the service. ### Parameter: `policies` Policies. + - Required: No - Type: array - Default: `[]` @@ -1205,6 +1226,7 @@ Policies. ### Parameter: `portalsettings` Portal settings. + - Required: No - Type: array - Default: `[]` @@ -1212,25 +1234,15 @@ Portal settings. ### Parameter: `products` Products. + - Required: No - Type: array - Default: `[]` -### Parameter: `publisherEmail` - -The email address of the owner of the service. -- Required: Yes -- Type: string - -### Parameter: `publisherName` - -The name of the owner of the service. -- Required: Yes -- Type: string - ### Parameter: `restore` Undelete API Management Service if it was previously soft-deleted. If this flag is specified and set to True all other properties will be ignored. + - Required: No - Type: bool - Default: `False` @@ -1238,74 +1250,96 @@ Undelete API Management Service if it was previously soft-deleted. If this flag ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` The pricing tier of this API Management service. + - Required: No - Type: string - Default: `'Developer'` @@ -1323,6 +1357,7 @@ The pricing tier of this API Management service. ### Parameter: `skuCount` The instance size of this API Management service. + - Required: No - Type: int - Default: `1` @@ -1337,6 +1372,7 @@ The instance size of this API Management service. ### Parameter: `subnetResourceId` The full resource ID of a subnet in a virtual network to deploy the API Management service in. + - Required: No - Type: string - Default: `''` @@ -1344,6 +1380,7 @@ The full resource ID of a subnet in a virtual network to deploy the API Manageme ### Parameter: `subscriptions` Subscriptions. + - Required: No - Type: array - Default: `[]` @@ -1351,12 +1388,14 @@ Subscriptions. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `virtualNetworkType` The type of VPN in which API Management service needs to be configured in. None (Default Value) means the API Management service is not part of any Virtual Network, External means the API Management deployment is set up inside a Virtual Network having an internet Facing Endpoint, and Internal means that API Management deployment is setup inside a Virtual Network having an Intranet Facing Endpoint only. + - Required: No - Type: string - Default: `'None'` @@ -1372,6 +1411,7 @@ The type of VPN in which API Management service needs to be configured in. None ### Parameter: `zones` A list of availability zones denoting where the resource needs to come from. + - Required: No - Type: array - Default: `[]` diff --git a/modules/api-management/service/api-version-set/README.md b/modules/api-management/service/api-version-set/README.md index 15300dd5bf..59367616e1 100644 --- a/modules/api-management/service/api-version-set/README.md +++ b/modules/api-management/service/api-version-set/README.md @@ -34,12 +34,14 @@ This module deploys an API Management Service API Version Set. ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,6 +49,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` API Version set name. + - Required: No - Type: string - Default: `'default'` @@ -54,6 +57,7 @@ API Version set name. ### Parameter: `properties` API Version set properties. + - Required: No - Type: object - Default: `{}` diff --git a/modules/api-management/service/api/README.md b/modules/api-management/service/api/README.md index a746976978..8f7687330e 100644 --- a/modules/api-management/service/api/README.md +++ b/modules/api-management/service/api/README.md @@ -57,22 +57,46 @@ This module deploys an API Management Service API. | [`value`](#parameter-value) | string | Content value when Importing an API. | | [`wsdlSelector`](#parameter-wsdlselector) | object | Criteria to limit import of WSDL to a subset of the document. | -### Parameter: `apiDescription` +### Parameter: `displayName` -Description of the API. May include HTML formatting tags. -- Required: No +API name. Must be 1 to 300 characters long. + +- Required: Yes +- Type: string + +### Parameter: `name` + +API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. + +- Required: Yes +- Type: string + +### Parameter: `path` + +Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. + +- Required: Yes - Type: string -- Default: `''` ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `apiDescription` + +Description of the API. May include HTML formatting tags. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `apiRevision` Describes the Revision of the API. If no value is provided, default revision 1 is created. + - Required: No - Type: string - Default: `''` @@ -80,6 +104,7 @@ Describes the Revision of the API. If no value is provided, default revision 1 i ### Parameter: `apiRevisionDescription` Description of the API Revision. + - Required: No - Type: string - Default: `''` @@ -87,6 +112,7 @@ Description of the API Revision. ### Parameter: `apiType` Type of API to create. * http creates a REST API * soap creates a SOAP pass-through API * websocket creates websocket API * graphql creates GraphQL API. + - Required: No - Type: string - Default: `'http'` @@ -103,6 +129,7 @@ Type of API to create. * http creates a REST API * soap creates a SOAP pass-thro ### Parameter: `apiVersion` Indicates the Version identifier of the API if the API is versioned. + - Required: No - Type: string - Default: `''` @@ -110,6 +137,7 @@ Indicates the Version identifier of the API if the API is versioned. ### Parameter: `apiVersionDescription` Description of the API Version. + - Required: No - Type: string - Default: `''` @@ -117,6 +145,7 @@ Description of the API Version. ### Parameter: `apiVersionSetId` Indicates the Version identifier of the API version set. + - Required: No - Type: string - Default: `''` @@ -124,19 +153,15 @@ Indicates the Version identifier of the API version set. ### Parameter: `authenticationSettings` Collection of authentication settings included into this API. + - Required: No - Type: object - Default: `{}` -### Parameter: `displayName` - -API name. Must be 1 to 300 characters long. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -144,6 +169,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `format` Format of the Content in which the API is getting imported. + - Required: No - Type: string - Default: `'openapi'` @@ -166,25 +192,15 @@ Format of the Content in which the API is getting imported. ### Parameter: `isCurrent` Indicates if API revision is current API revision. + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -API revision identifier. Must be unique in the current API Management service instance. Non-current revision has ;rev=n as a suffix where n is the revision number. -- Required: Yes -- Type: string - -### Parameter: `path` - -Relative URL uniquely identifying this API and all of its resource paths within the API Management service instance. It is appended to the API endpoint base URL specified during the service instance creation to form a public URL for this API. -- Required: Yes -- Type: string - ### Parameter: `policies` Array of Policies to apply to the Service API. + - Required: No - Type: array - Default: `[]` @@ -192,6 +208,7 @@ Array of Policies to apply to the Service API. ### Parameter: `protocols` Describes on which protocols the operations in this API can be invoked. - HTTP or HTTPS. + - Required: No - Type: array - Default: @@ -204,6 +221,7 @@ Describes on which protocols the operations in this API can be invoked. - HTTP o ### Parameter: `serviceUrl` Absolute URL of the backend service implementing this API. Cannot be more than 2000 characters long. + - Required: No - Type: string - Default: `''` @@ -211,6 +229,7 @@ Absolute URL of the backend service implementing this API. Cannot be more than 2 ### Parameter: `sourceApiId` API identifier of the source API. + - Required: No - Type: string - Default: `''` @@ -218,6 +237,7 @@ API identifier of the source API. ### Parameter: `subscriptionKeyParameterNames` Protocols over which API is made available. + - Required: No - Type: object - Default: `{}` @@ -225,6 +245,7 @@ Protocols over which API is made available. ### Parameter: `subscriptionRequired` Specifies whether an API or Product subscription is required for accessing the API. + - Required: No - Type: bool - Default: `False` @@ -232,6 +253,7 @@ Specifies whether an API or Product subscription is required for accessing the A ### Parameter: `type` Type of API. + - Required: No - Type: string - Default: `'http'` @@ -248,6 +270,7 @@ Type of API. ### Parameter: `value` Content value when Importing an API. + - Required: No - Type: string - Default: `''` @@ -255,6 +278,7 @@ Content value when Importing an API. ### Parameter: `wsdlSelector` Criteria to limit import of WSDL to a subset of the document. + - Required: No - Type: object - Default: `{}` diff --git a/modules/api-management/service/api/policy/README.md b/modules/api-management/service/api/policy/README.md index da2b69af2c..aa6e2a665e 100644 --- a/modules/api-management/service/api/policy/README.md +++ b/modules/api-management/service/api/policy/README.md @@ -38,21 +38,31 @@ This module deploys an API Management Service API Policy. | [`format`](#parameter-format) | string | Format of the policyContent. | | [`name`](#parameter-name) | string | The name of the policy. | +### Parameter: `value` + +Contents of the Policy as defined by the format. + +- Required: Yes +- Type: string + ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `apiName` The name of the parent API. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -60,6 +70,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `format` Format of the policyContent. + - Required: No - Type: string - Default: `'xml'` @@ -76,16 +87,11 @@ Format of the policyContent. ### Parameter: `name` The name of the policy. + - Required: No - Type: string - Default: `'policy'` -### Parameter: `value` - -Contents of the Policy as defined by the format. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/api-management/service/authorization-server/README.md b/modules/api-management/service/authorization-server/README.md index 9f9569411e..9c72d842e4 100644 --- a/modules/api-management/service/authorization-server/README.md +++ b/modules/api-management/service/authorization-server/README.md @@ -50,21 +50,52 @@ This module deploys an API Management Service Authorization Server. | [`tokenBodyParameters`](#parameter-tokenbodyparameters) | array | Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. | | [`tokenEndpoint`](#parameter-tokenendpoint) | string | OAuth token endpoint. Contains absolute URI to entity being referenced. | -### Parameter: `apiManagementServiceName` +### Parameter: `authorizationEndpoint` + +OAuth authorization endpoint. See . -The name of the parent API Management service. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `authorizationEndpoint` +### Parameter: `clientId` + +Client or app ID registered with this authorization server. + +- Required: Yes +- Type: securestring + +### Parameter: `clientSecret` + +Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. + +- Required: Yes +- Type: securestring + +### Parameter: `grantTypes` + +Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. + +- Required: Yes +- Type: array + +### Parameter: `name` + +Identifier of the authorization server. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. -OAuth authorization endpoint. See . - Required: Yes - Type: string ### Parameter: `authorizationMethods` HTTP verbs supported by the authorization endpoint. GET must be always present. POST is optional. - HEAD, OPTIONS, TRACE, GET, POST, PUT, PATCH, DELETE. + - Required: No - Type: array - Default: @@ -77,6 +108,7 @@ HTTP verbs supported by the authorization endpoint. GET must be always present. ### Parameter: `bearerTokenSendingMethods` Specifies the mechanism by which access token is passed to the API. - authorizationHeader or query. + - Required: No - Type: array - Default: @@ -89,6 +121,7 @@ Specifies the mechanism by which access token is passed to the API. - authorizat ### Parameter: `clientAuthenticationMethod` Method of authentication supported by the token endpoint of this authorization server. Possible values are Basic and/or Body. When Body is specified, client credentials and other parameters are passed within the request body in the application/x-www-form-urlencoded format. - Basic or Body. + - Required: No - Type: array - Default: @@ -98,28 +131,18 @@ Method of authentication supported by the token endpoint of this authorization s ] ``` -### Parameter: `clientId` - -Client or app ID registered with this authorization server. -- Required: Yes -- Type: securestring - ### Parameter: `clientRegistrationEndpoint` Optional reference to a page where client or app registration for this authorization server is performed. Contains absolute URL to entity being referenced. + - Required: No - Type: string - Default: `''` -### Parameter: `clientSecret` - -Client or app secret registered with this authorization server. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. -- Required: Yes -- Type: securestring - ### Parameter: `defaultScope` Access token scope that is going to be requested by default. Can be overridden at the API level. Should be provided in the form of a string containing space-delimited values. + - Required: No - Type: string - Default: `''` @@ -127,25 +150,15 @@ Access token scope that is going to be requested by default. Can be overridden a ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `grantTypes` - -Form of an authorization grant, which the client uses to request the access token. - authorizationCode, implicit, resourceOwnerPassword, clientCredentials. -- Required: Yes -- Type: array - -### Parameter: `name` - -Identifier of the authorization server. -- Required: Yes -- Type: string - ### Parameter: `resourceOwnerPassword` Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner password. + - Required: No - Type: string - Default: `''` @@ -153,6 +166,7 @@ Can be optionally specified when resource owner password grant type is supported ### Parameter: `resourceOwnerUsername` Can be optionally specified when resource owner password grant type is supported by this authorization server. Default resource owner username. + - Required: No - Type: string - Default: `''` @@ -160,6 +174,7 @@ Can be optionally specified when resource owner password grant type is supported ### Parameter: `serverDescription` Description of the authorization server. Can contain HTML formatting tags. + - Required: No - Type: string - Default: `''` @@ -167,6 +182,7 @@ Description of the authorization server. Can contain HTML formatting tags. ### Parameter: `supportState` If true, authorization server will include state parameter from the authorization request to its response. Client may use state parameter to raise protocol security. + - Required: No - Type: bool - Default: `False` @@ -174,6 +190,7 @@ If true, authorization server will include state parameter from the authorizatio ### Parameter: `tokenBodyParameters` Additional parameters required by the token endpoint of this authorization server represented as an array of JSON objects with name and value string properties, i.e. {"name" : "name value", "value": "a value"}. - TokenBodyParameterContract object. + - Required: No - Type: array - Default: `[]` @@ -181,6 +198,7 @@ Additional parameters required by the token endpoint of this authorization serve ### Parameter: `tokenEndpoint` OAuth token endpoint. Contains absolute URI to entity being referenced. + - Required: No - Type: string - Default: `''` diff --git a/modules/api-management/service/backend/README.md b/modules/api-management/service/backend/README.md index 4307963bdb..fd4dd42342 100644 --- a/modules/api-management/service/backend/README.md +++ b/modules/api-management/service/backend/README.md @@ -45,15 +45,31 @@ This module deploys an API Management Service Backend. | [`title`](#parameter-title) | string | Backend Title. | | [`tls`](#parameter-tls) | object | Backend TLS Properties. | +### Parameter: `name` + +Backend Name. + +- Required: Yes +- Type: string + +### Parameter: `url` + +Runtime URL of the Backend. + +- Required: Yes +- Type: string + ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `credentials` Backend Credentials Contract Properties. + - Required: No - Type: object - Default: `{}` @@ -61,6 +77,7 @@ Backend Credentials Contract Properties. ### Parameter: `description` Backend Description. + - Required: No - Type: string - Default: `''` @@ -68,19 +85,15 @@ Backend Description. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -Backend Name. -- Required: Yes -- Type: string - ### Parameter: `protocol` Backend communication protocol. - http or soap. + - Required: No - Type: string - Default: `'http'` @@ -88,6 +101,7 @@ Backend communication protocol. - http or soap. ### Parameter: `proxy` Backend Proxy Contract Properties. + - Required: No - Type: object - Default: `{}` @@ -95,6 +109,7 @@ Backend Proxy Contract Properties. ### Parameter: `resourceId` Management Uri of the Resource in External System. This URL can be the Arm Resource ID of Logic Apps, Function Apps or API Apps. + - Required: No - Type: string - Default: `''` @@ -102,6 +117,7 @@ Management Uri of the Resource in External System. This URL can be the Arm Resou ### Parameter: `serviceFabricCluster` Backend Service Fabric Cluster Properties. + - Required: No - Type: object - Default: `{}` @@ -109,6 +125,7 @@ Backend Service Fabric Cluster Properties. ### Parameter: `title` Backend Title. + - Required: No - Type: string - Default: `''` @@ -116,6 +133,7 @@ Backend Title. ### Parameter: `tls` Backend TLS Properties. + - Required: No - Type: object - Default: @@ -126,12 +144,6 @@ Backend TLS Properties. } ``` -### Parameter: `url` - -Runtime URL of the Backend. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/api-management/service/cache/README.md b/modules/api-management/service/cache/README.md index 3bc84b82c2..31c4f02a3c 100644 --- a/modules/api-management/service/cache/README.md +++ b/modules/api-management/service/cache/README.md @@ -39,21 +39,38 @@ This module deploys an API Management Service Cache. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`resourceId`](#parameter-resourceid) | string | Original uri of entity in external system cache points to. | -### Parameter: `apiManagementServiceName` +### Parameter: `connectionString` + +Runtime connection string to cache. Can be referenced by a named value like so, {{}}. -The name of the parent API Management service. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `connectionString` +### Parameter: `name` + +Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). + +- Required: Yes +- Type: string + +### Parameter: `useFromLocation` + +Location identifier to use cache from (should be either 'default' or valid Azure region identifier). + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. -Runtime connection string to cache. Can be referenced by a named value like so, {{}}. - Required: Yes - Type: string ### Parameter: `description` Cache description. + - Required: No - Type: string - Default: `''` @@ -61,29 +78,19 @@ Cache description. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -Identifier of the Cache entity. Cache identifier (should be either 'default' or valid Azure region identifier). -- Required: Yes -- Type: string - ### Parameter: `resourceId` Original uri of entity in external system cache points to. + - Required: No - Type: string - Default: `''` -### Parameter: `useFromLocation` - -Location identifier to use cache from (should be either 'default' or valid Azure region identifier). -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/api-management/service/identity-provider/README.md b/modules/api-management/service/identity-provider/README.md index e276d5e7d3..3cd1e42cce 100644 --- a/modules/api-management/service/identity-provider/README.md +++ b/modules/api-management/service/identity-provider/README.md @@ -46,29 +46,24 @@ This module deploys an API Management Service Identity Provider. | [`signUpPolicyName`](#parameter-signuppolicyname) | string | Signup Policy Name. Only applies to AAD B2C Identity Provider. | | [`type`](#parameter-type) | string | Identity Provider Type identifier. | -### Parameter: `allowedTenants` - -List of Allowed Tenants when configuring Azure Active Directory login. - string. -- Required: No -- Type: array -- Default: `[]` +### Parameter: `name` -### Parameter: `apiManagementServiceName` +Identity provider name. -The name of the parent API Management service. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `authority` +### Parameter: `apiManagementServiceName` -OpenID Connect discovery endpoint hostname for AAD or AAD B2C. -- Required: No +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes - Type: string -- Default: `''` ### Parameter: `clientId` Client ID of the Application in the external Identity Provider. Required if identity provider is used. + - Required: No - Type: string - Default: `''` @@ -76,13 +71,31 @@ Client ID of the Application in the external Identity Provider. Required if iden ### Parameter: `clientSecret` Client secret of the Application in external Identity Provider, used to authenticate login request. Required if identity provider is used. + - Required: No - Type: securestring - Default: `''` +### Parameter: `allowedTenants` + +List of Allowed Tenants when configuring Azure Active Directory login. - string. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `authority` + +OpenID Connect discovery endpoint hostname for AAD or AAD B2C. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -90,19 +103,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableIdentityProviders` Used to enable the deployment of the identityProviders child resource. + - Required: No - Type: bool - Default: `False` -### Parameter: `name` - -Identity provider name. -- Required: Yes -- Type: string - ### Parameter: `passwordResetPolicyName` Password Reset Policy Name. Only applies to AAD B2C Identity Provider. + - Required: No - Type: string - Default: `''` @@ -110,6 +119,7 @@ Password Reset Policy Name. Only applies to AAD B2C Identity Provider. ### Parameter: `profileEditingPolicyName` Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. + - Required: No - Type: string - Default: `''` @@ -117,6 +127,7 @@ Profile Editing Policy Name. Only applies to AAD B2C Identity Provider. ### Parameter: `signInPolicyName` Signin Policy Name. Only applies to AAD B2C Identity Provider. + - Required: No - Type: string - Default: `''` @@ -124,6 +135,7 @@ Signin Policy Name. Only applies to AAD B2C Identity Provider. ### Parameter: `signInTenant` The TenantId to use instead of Common when logging into Active Directory. + - Required: No - Type: string - Default: `''` @@ -131,6 +143,7 @@ The TenantId to use instead of Common when logging into Active Directory. ### Parameter: `signUpPolicyName` Signup Policy Name. Only applies to AAD B2C Identity Provider. + - Required: No - Type: string - Default: `''` @@ -138,6 +151,7 @@ Signup Policy Name. Only applies to AAD B2C Identity Provider. ### Parameter: `type` Identity Provider Type identifier. + - Required: No - Type: string - Default: `'aad'` diff --git a/modules/api-management/service/named-value/README.md b/modules/api-management/service/named-value/README.md index a10dbe60dc..a34ff1560b 100644 --- a/modules/api-management/service/named-value/README.md +++ b/modules/api-management/service/named-value/README.md @@ -41,21 +41,31 @@ This module deploys an API Management Service Named Value. | [`tags`](#parameter-tags) | array | Tags that when provided can be used to filter the NamedValue list. - string. | | [`value`](#parameter-value) | string | Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. | -### Parameter: `apiManagementServiceName` +### Parameter: `displayName` + +Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. -The name of the parent API Management service. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `displayName` +### Parameter: `name` + +Named value Name. + +- Required: Yes +- Type: string + +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. -Unique name of NamedValue. It may contain only letters, digits, period, dash, and underscore characters. - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -63,19 +73,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `keyVault` KeyVault location details of the namedValue. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Named value Name. -- Required: Yes -- Type: string - ### Parameter: `secret` Determines whether the value is a secret and should be encrypted or not. Default value is false. + - Required: No - Type: bool - Default: `False` @@ -83,12 +89,14 @@ Determines whether the value is a secret and should be encrypted or not. Default ### Parameter: `tags` Tags that when provided can be used to filter the NamedValue list. - string. + - Required: No - Type: array ### Parameter: `value` Value of the NamedValue. Can contain policy expressions. It may not be empty or consist only of whitespace. This property will not be filled on 'GET' operations! Use '/listSecrets' POST request to get the value. + - Required: No - Type: string - Default: `[newGuid()]` diff --git a/modules/api-management/service/policy/README.md b/modules/api-management/service/policy/README.md index 6828ee1678..6b8af635b3 100644 --- a/modules/api-management/service/policy/README.md +++ b/modules/api-management/service/policy/README.md @@ -37,15 +37,24 @@ This module deploys an API Management Service Policy. | [`format`](#parameter-format) | string | Format of the policyContent. | | [`name`](#parameter-name) | string | The name of the policy. | +### Parameter: `value` + +Contents of the Policy as defined by the format. + +- Required: Yes +- Type: string + ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -53,6 +62,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `format` Format of the policyContent. + - Required: No - Type: string - Default: `'xml'` @@ -69,16 +79,11 @@ Format of the policyContent. ### Parameter: `name` The name of the policy. + - Required: No - Type: string - Default: `'policy'` -### Parameter: `value` - -Contents of the Policy as defined by the format. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/api-management/service/portalsetting/README.md b/modules/api-management/service/portalsetting/README.md index 18168fd945..05641fe1d1 100644 --- a/modules/api-management/service/portalsetting/README.md +++ b/modules/api-management/service/portalsetting/README.md @@ -36,22 +36,10 @@ This module deploys an API Management Service Portal Setting. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`properties`](#parameter-properties) | object | Portal setting properties. | -### Parameter: `apiManagementServiceName` - -The name of the parent API Management service. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` Portal setting name. + - Required: Yes - Type: string - Allowed: @@ -63,9 +51,25 @@ Portal setting name. ] ``` +### Parameter: `apiManagementServiceName` + +The name of the parent API Management service. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `properties` Portal setting properties. + - Required: No - Type: object - Default: `{}` diff --git a/modules/api-management/service/product/README.md b/modules/api-management/service/product/README.md index 03ba03cf8b..faea3e798b 100644 --- a/modules/api-management/service/product/README.md +++ b/modules/api-management/service/product/README.md @@ -45,15 +45,24 @@ This module deploys an API Management Service Product. | [`subscriptionsLimit`](#parameter-subscriptionslimit) | int | Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. | | [`terms`](#parameter-terms) | string | Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. | +### Parameter: `name` + +Product Name. + +- Required: Yes +- Type: string + ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `apis` Array of Product APIs. + - Required: No - Type: array - Default: `[]` @@ -61,6 +70,7 @@ Array of Product APIs. ### Parameter: `approvalRequired` Whether subscription approval is required. If false, new subscriptions will be approved automatically enabling developers to call the products APIs immediately after subscribing. If true, administrators must manually approve the subscription before the developer can any of the products APIs. Can be present only if subscriptionRequired property is present and has a value of false. + - Required: No - Type: bool - Default: `False` @@ -68,6 +78,7 @@ Whether subscription approval is required. If false, new subscriptions will be a ### Parameter: `description` Product description. May include HTML formatting tags. + - Required: No - Type: string - Default: `''` @@ -75,6 +86,7 @@ Product description. May include HTML formatting tags. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -82,19 +94,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `groups` Array of Product Groups. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -Product Name. -- Required: Yes -- Type: string - ### Parameter: `state` whether product is published or not. Published products are discoverable by users of developer portal. Non published products are visible only to administrators. Default state of Product is notPublished. - notPublished or published. + - Required: No - Type: string - Default: `'published'` @@ -102,6 +110,7 @@ whether product is published or not. Published products are discoverable by user ### Parameter: `subscriptionRequired` Whether a product subscription is required for accessing APIs included in this product. If true, the product is referred to as "protected" and a valid subscription key is required for a request to an API included in the product to succeed. If false, the product is referred to as "open" and requests to an API included in the product can be made without a subscription key. If property is omitted when creating a new product it's value is assumed to be true. + - Required: No - Type: bool - Default: `False` @@ -109,6 +118,7 @@ Whether a product subscription is required for accessing APIs included in this p ### Parameter: `subscriptionsLimit` Whether the number of subscriptions a user can have to this product at the same time. Set to null or omit to allow unlimited per user subscriptions. Can be present only if subscriptionRequired property is present and has a value of false. + - Required: No - Type: int - Default: `1` @@ -116,6 +126,7 @@ Whether the number of subscriptions a user can have to this product at the same ### Parameter: `terms` Product terms of use. Developers trying to subscribe to the product will be presented and required to accept these terms before they can complete the subscription process. + - Required: No - Type: string - Default: `''` diff --git a/modules/api-management/service/product/api/README.md b/modules/api-management/service/product/api/README.md index 3ae7df516b..67e3cbc13c 100644 --- a/modules/api-management/service/product/api/README.md +++ b/modules/api-management/service/product/api/README.md @@ -36,31 +36,35 @@ This module deploys an API Management Service Product API. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `apiManagementServiceName` +### Parameter: `name` + +Name of the product API. -The name of the parent API Management service. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `apiManagementServiceName` -### Parameter: `name` +The name of the parent API Management service. Required if the template is used in a standalone deployment. -Name of the product API. - Required: Yes - Type: string ### Parameter: `productName` The name of the parent Product. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/api-management/service/product/group/README.md b/modules/api-management/service/product/group/README.md index 943378da28..b5d1cf7d8d 100644 --- a/modules/api-management/service/product/group/README.md +++ b/modules/api-management/service/product/group/README.md @@ -36,31 +36,35 @@ This module deploys an API Management Service Product Group. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `apiManagementServiceName` +### Parameter: `name` + +Name of the product group. -The name of the parent API Management service. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `apiManagementServiceName` -### Parameter: `name` +The name of the parent API Management service. Required if the template is used in a standalone deployment. -Name of the product group. - Required: Yes - Type: string ### Parameter: `productName` The name of the parent Product. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/api-management/service/subscription/README.md b/modules/api-management/service/subscription/README.md index 81c7f5c71b..a140d3d3a6 100644 --- a/modules/api-management/service/subscription/README.md +++ b/modules/api-management/service/subscription/README.md @@ -41,35 +41,40 @@ This module deploys an API Management Service Subscription. | [`secondaryKey`](#parameter-secondarykey) | string | Secondary subscription key. If not specified during request key will be generated automatically. | | [`state`](#parameter-state) | string | Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. | -### Parameter: `allowTracing` +### Parameter: `name` -Determines whether tracing can be enabled. -- Required: No -- Type: bool -- Default: `True` +Subscription name. + +- Required: Yes +- Type: string ### Parameter: `apiManagementServiceName` The name of the parent API Management service. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `enableDefaultTelemetry` +### Parameter: `allowTracing` + +Determines whether tracing can be enabled. -Enable telemetry via a Globally Unique Identifier (GUID). - Required: No - Type: bool - Default: `True` -### Parameter: `name` +### Parameter: `enableDefaultTelemetry` -Subscription name. -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ### Parameter: `ownerId` User (user ID path) for whom subscription is being created in form /users/{userId}. + - Required: No - Type: string - Default: `''` @@ -77,6 +82,7 @@ User (user ID path) for whom subscription is being created in form /users/{userI ### Parameter: `primaryKey` Primary subscription key. If not specified during request key will be generated automatically. + - Required: No - Type: string - Default: `''` @@ -84,6 +90,7 @@ Primary subscription key. If not specified during request key will be generated ### Parameter: `scope` Scope type to choose between a product, "allAPIs" or a specific API. Scope like "/products/{productId}" or "/apis" or "/apis/{apiId}". + - Required: No - Type: string - Default: `'/apis'` @@ -91,6 +98,7 @@ Scope type to choose between a product, "allAPIs" or a specific API. Scope like ### Parameter: `secondaryKey` Secondary subscription key. If not specified during request key will be generated automatically. + - Required: No - Type: string - Default: `''` @@ -98,6 +106,7 @@ Secondary subscription key. If not specified during request key will be generate ### Parameter: `state` Initial subscription state. If no value is specified, subscription is created with Submitted state. Possible states are "*" active "?" the subscription is active, "*" suspended "?" the subscription is blocked, and the subscriber cannot call any APIs of the product, * submitted ? the subscription request has been made by the developer, but has not yet been approved or rejected, * rejected ? the subscription request has been denied by an administrator, * cancelled ? the subscription has been cancelled by the developer or administrator, * expired ? the subscription reached its expiration date and was deactivated. - suspended, active, expired, submitted, rejected, cancelled. + - Required: No - Type: string - Default: `''` diff --git a/modules/app-configuration/configuration-store/README.md b/modules/app-configuration/configuration-store/README.md index 990cfe2b51..e9f8d2f80e 100644 --- a/modules/app-configuration/configuration-store/README.md +++ b/modules/app-configuration/configuration-store/README.md @@ -734,9 +734,17 @@ module configurationStore 'br:bicep/modules/app-configuration.configuration-stor | [`softDeleteRetentionInDays`](#parameter-softdeleteretentionindays) | int | The amount of time in days that the configuration store will be retained when it is soft deleted. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Azure App Configuration. + +- Required: Yes +- Type: string + ### Parameter: `createMode` Indicates whether the configuration store need to be recovered. + - Required: No - Type: string - Default: `'Default'` @@ -751,41 +759,48 @@ Indicates whether the configuration store need to be recovered. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -793,114 +808,90 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -908,6 +899,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAuth` Disables all authentication methods other than AAD authentication. + - Required: No - Type: bool - Default: `False` @@ -915,6 +907,7 @@ Disables all authentication methods other than AAD authentication. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -922,6 +915,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enablePurgeProtection` Property specifying whether protection against purge is enabled for this configuration store. + - Required: No - Type: bool - Default: `False` @@ -929,6 +923,7 @@ Property specifying whether protection against purge is enabled for this configu ### Parameter: `keyValues` All Key / Values to create. Requires local authentication to be enabled. + - Required: No - Type: array - Default: `[]` @@ -936,6 +931,7 @@ All Key / Values to create. Requires local authentication to be enabled. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -943,26 +939,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -970,229 +975,275 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the Azure App Configuration. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -Optional. Application security groups in which the private endpoint IP configuration is included. +**Optional parameters** -- Required: No -- Type: array +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -### Parameter: `privateEndpoints.customDnsConfigs` +### Parameter: `privateEndpoints.subnetResourceId` -Optional. Custom DNS configurations. +Resource ID of the subnet where the endpoint needs to be created. -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1200,6 +1251,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1215,74 +1267,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` Pricing tier of App Configuration. + - Required: No - Type: string - Default: `'Standard'` @@ -1297,6 +1371,7 @@ Pricing tier of App Configuration. ### Parameter: `softDeleteRetentionInDays` The amount of time in days that the configuration store will be retained when it is soft deleted. + - Required: No - Type: int - Default: `1` @@ -1304,6 +1379,7 @@ The amount of time in days that the configuration store will be retained when it ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/app-configuration/configuration-store/key-value/README.md b/modules/app-configuration/configuration-store/key-value/README.md index bf6dd94639..6f6a67e760 100644 --- a/modules/app-configuration/configuration-store/key-value/README.md +++ b/modules/app-configuration/configuration-store/key-value/README.md @@ -38,15 +38,31 @@ This module deploys an App Configuration Store Key Value. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the key. + +- Required: Yes +- Type: string + +### Parameter: `value` + +Name of the value. + +- Required: Yes +- Type: string + ### Parameter: `appConfigurationName` The name of the parent app configuration store. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `contentType` The content type of the key-values value. Providing a proper content-type can enable transformations of values when they are retrieved by applications. + - Required: No - Type: string - Default: `''` @@ -54,28 +70,18 @@ The content type of the key-values value. Providing a proper content-type can en ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -Name of the key. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `value` - -Name of the value. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/app/container-app/README.md b/modules/app/container-app/README.md index 6f88154a11..3c53161686 100644 --- a/modules/app/container-app/README.md +++ b/modules/app/container-app/README.md @@ -487,9 +487,31 @@ module containerApp 'br:bicep/modules/app.container-app:1.0.0' = { | [`volumes`](#parameter-volumes) | array | List of volume definitions for the Container App. | | [`workloadProfileType`](#parameter-workloadprofiletype) | string | Workload profile type to pin for container app execution. | +### Parameter: `containers` + +List of container definitions for the Container App. + +- Required: Yes +- Type: array + +### Parameter: `environmentId` + +Resource ID of environment. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Container App. + +- Required: Yes +- Type: string + ### Parameter: `activeRevisionsMode` ActiveRevisionsMode controls how active revisions are handled for the Container app. + - Required: No - Type: string - Default: `'Single'` @@ -501,15 +523,10 @@ ActiveRevisionsMode controls how active revisions are handled for the Container ] ``` -### Parameter: `containers` - -List of container definitions for the Container App. -- Required: Yes -- Type: array - ### Parameter: `customDomains` Custom domain bindings for Container App hostnames. + - Required: No - Type: array - Default: `[]` @@ -517,6 +534,7 @@ Custom domain bindings for Container App hostnames. ### Parameter: `dapr` Dapr configuration for the Container App. + - Required: No - Type: object - Default: `{}` @@ -524,19 +542,15 @@ Dapr configuration for the Container App. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `environmentId` - -Resource ID of environment. -- Required: Yes -- Type: string - ### Parameter: `exposedPort` Exposed Port in containers for TCP traffic from ingress. + - Required: No - Type: int - Default: `0` @@ -544,6 +558,7 @@ Exposed Port in containers for TCP traffic from ingress. ### Parameter: `ingressAllowInsecure` Bool indicating if HTTP connections to is allowed. If set to false HTTP connections are automatically redirected to HTTPS connections. + - Required: No - Type: bool - Default: `True` @@ -551,6 +566,7 @@ Bool indicating if HTTP connections to is allowed. If set to false HTTP connecti ### Parameter: `ingressExternal` Bool indicating if app exposes an external http endpoint. + - Required: No - Type: bool - Default: `True` @@ -558,6 +574,7 @@ Bool indicating if app exposes an external http endpoint. ### Parameter: `ingressTargetPort` Target Port in containers for traffic from ingress. + - Required: No - Type: int - Default: `80` @@ -565,6 +582,7 @@ Target Port in containers for traffic from ingress. ### Parameter: `ingressTransport` Ingress transport protocol. + - Required: No - Type: string - Default: `'auto'` @@ -581,6 +599,7 @@ Ingress transport protocol. ### Parameter: `initContainersTemplate` List of specialized containers that run before app containers. + - Required: No - Type: array - Default: `[]` @@ -588,6 +607,7 @@ List of specialized containers that run before app containers. ### Parameter: `ipSecurityRestrictions` Rules to restrict incoming IP address. + - Required: No - Type: array - Default: `[]` @@ -595,6 +615,7 @@ Rules to restrict incoming IP address. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -602,26 +623,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -629,25 +659,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -655,19 +687,15 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `maxInactiveRevisions` Max inactive revisions a Container App can have. + - Required: No - Type: int - Default: `0` -### Parameter: `name` - -Name of the Container App. -- Required: Yes -- Type: string - ### Parameter: `registries` Collection of private container registry credentials for containers used by the Container app. + - Required: No - Type: array - Default: `[]` @@ -675,6 +703,7 @@ Collection of private container registry credentials for containers used by the ### Parameter: `revisionSuffix` User friendly suffix that is appended to the revision name. + - Required: No - Type: string - Default: `''` @@ -682,74 +711,96 @@ User friendly suffix that is appended to the revision name. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scaleMaxReplicas` Maximum number of container replicas. Defaults to 10 if not set. + - Required: No - Type: int - Default: `1` @@ -757,6 +808,7 @@ Maximum number of container replicas. Defaults to 10 if not set. ### Parameter: `scaleMinReplicas` Minimum number of container replicas. + - Required: No - Type: int - Default: `0` @@ -764,6 +816,7 @@ Minimum number of container replicas. ### Parameter: `scaleRules` Scaling rules. + - Required: No - Type: array - Default: `[]` @@ -771,6 +824,7 @@ Scaling rules. ### Parameter: `secrets` The secrets of the Container App. + - Required: No - Type: secureObject - Default: `{}` @@ -778,12 +832,14 @@ The secrets of the Container App. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `trafficLabel` Associates a traffic label with a revision. Label name should be consist of lower case alphanumeric characters or dashes. + - Required: No - Type: string - Default: `'label-1'` @@ -791,6 +847,7 @@ Associates a traffic label with a revision. Label name should be consist of lowe ### Parameter: `trafficLatestRevision` Indicates that the traffic weight belongs to a latest stable revision. + - Required: No - Type: bool - Default: `True` @@ -798,6 +855,7 @@ Indicates that the traffic weight belongs to a latest stable revision. ### Parameter: `trafficRevisionName` Name of a revision. + - Required: No - Type: string - Default: `''` @@ -805,6 +863,7 @@ Name of a revision. ### Parameter: `trafficWeight` Traffic weight assigned to a revision. + - Required: No - Type: int - Default: `100` @@ -812,6 +871,7 @@ Traffic weight assigned to a revision. ### Parameter: `volumes` List of volume definitions for the Container App. + - Required: No - Type: array - Default: `[]` @@ -819,6 +879,7 @@ List of volume definitions for the Container App. ### Parameter: `workloadProfileType` Workload profile type to pin for container app execution. + - Required: No - Type: string - Default: `''` diff --git a/modules/app/job/README.md b/modules/app/job/README.md index cd12e8e51d..c041013706 100644 --- a/modules/app/job/README.md +++ b/modules/app/job/README.md @@ -548,25 +548,36 @@ module job 'br:bicep/modules/app.job:1.0.0' = { ### Parameter: `containers` List of container definitions for the Container App. + - Required: Yes - Type: array +### Parameter: `environmentId` + +Resource ID of environment. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Container App. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `environmentId` - -Resource ID of environment. -- Required: Yes -- Type: string - ### Parameter: `eventTriggerConfig` Required if TriggerType is Event. Configuration of an event driven job. + - Required: No - Type: object - Default: `{}` @@ -574,6 +585,7 @@ Required if TriggerType is Event. Configuration of an event driven job. ### Parameter: `initContainersTemplate` List of specialized containers that run before app containers. + - Required: No - Type: array - Default: `[]` @@ -581,6 +593,7 @@ List of specialized containers that run before app containers. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -588,26 +601,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -615,25 +637,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. +The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. - Required: No - Type: array @@ -641,19 +665,15 @@ Optional. The resource ID(s) to assign to the resource. Required if a user assig ### Parameter: `manualTriggerConfig` Required if TriggerType is Manual. Configuration of a manual job. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Name of the Container App. -- Required: Yes -- Type: string - ### Parameter: `registries` Collection of private container registry credentials for containers used by the Container app. + - Required: No - Type: array - Default: `[]` @@ -661,6 +681,7 @@ Collection of private container registry credentials for containers used by the ### Parameter: `replicaRetryLimit` The maximum number of times a replica can be retried. + - Required: No - Type: int - Default: `0` @@ -668,6 +689,7 @@ The maximum number of times a replica can be retried. ### Parameter: `replicaTimeout` Maximum number of seconds a replica is allowed to run. + - Required: No - Type: int - Default: `1800` @@ -675,74 +697,96 @@ Maximum number of seconds a replica is allowed to run. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource ID of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource ID of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource ID of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource ID of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scheduleTriggerConfig` Required if TriggerType is Schedule. Configuration of a schedule based job. + - Required: No - Type: object - Default: `{}` @@ -750,6 +794,7 @@ Required if TriggerType is Schedule. Configuration of a schedule based job. ### Parameter: `secrets` The secrets of the Container App. + - Required: No - Type: secureObject - Default: `{}` @@ -757,6 +802,7 @@ The secrets of the Container App. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object - Default: `{}` @@ -764,6 +810,7 @@ Tags of the resource. ### Parameter: `triggerType` Trigger type of the job. + - Required: Yes - Type: string - Allowed: @@ -778,6 +825,7 @@ Trigger type of the job. ### Parameter: `volumes` List of volume definitions for the Container App. + - Required: No - Type: array - Default: `[]` @@ -785,6 +833,7 @@ List of volume definitions for the Container App. ### Parameter: `workloadProfileName` The name of the workload profile to use. + - Required: No - Type: string - Default: `'Consumption'` diff --git a/modules/app/managed-environment/README.md b/modules/app/managed-environment/README.md index 913062b3a2..d044d9f6fa 100644 --- a/modules/app/managed-environment/README.md +++ b/modules/app/managed-environment/README.md @@ -319,9 +319,32 @@ module managedEnvironment 'br:bicep/modules/app.managed-environment:1.0.0' = { | [`workloadProfiles`](#parameter-workloadprofiles) | array | Workload profiles configured for the Managed Environment. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this Managed Environment is zone-redundant. | +### Parameter: `logAnalyticsWorkspaceResourceId` + +Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Container Apps Managed Environment. + +- Required: Yes +- Type: string + +### Parameter: `infrastructureSubnetId` + +Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `certificatePassword` Password of the certificate used by the custom domain. + - Required: No - Type: securestring - Default: `''` @@ -329,6 +352,7 @@ Password of the certificate used by the custom domain. ### Parameter: `certificateValue` Certificate to use for the custom domain. PFX or PEM. + - Required: No - Type: securestring - Default: `''` @@ -336,6 +360,7 @@ Certificate to use for the custom domain. PFX or PEM. ### Parameter: `daprAIConnectionString` Application Insights connection string used by Dapr to export Service to Service communication telemetry. + - Required: No - Type: securestring - Default: `''` @@ -343,6 +368,7 @@ Application Insights connection string used by Dapr to export Service to Service ### Parameter: `daprAIInstrumentationKey` Azure Monitor instrumentation key used by Dapr to export Service to Service communication telemetry. + - Required: No - Type: securestring - Default: `''` @@ -350,6 +376,7 @@ Azure Monitor instrumentation key used by Dapr to export Service to Service comm ### Parameter: `dnsSuffix` DNS suffix for the environment domain. + - Required: No - Type: string - Default: `''` @@ -357,6 +384,7 @@ DNS suffix for the environment domain. ### Parameter: `dockerBridgeCidr` CIDR notation IP range assigned to the Docker bridge, network. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. + - Required: No - Type: string - Default: `''` @@ -364,19 +392,14 @@ CIDR notation IP range assigned to the Docker bridge, network. It must not overl ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: Yes - Type: bool -### Parameter: `infrastructureSubnetId` - -Resource ID of a subnet for infrastructure components. This is used to deploy the environment into a virtual network. Must not overlap with any other provided IP ranges. Required if "internal" is set to true. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `internal` Boolean indicating the environment only has an internal load balancer. These environments do not have a public static IP resource. If set to true, then "infrastructureSubnetId" must be provided. + - Required: No - Type: bool - Default: `False` @@ -384,6 +407,7 @@ Boolean indicating the environment only has an internal load balancer. These env ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -391,52 +415,51 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `logAnalyticsWorkspaceResourceId` - -Existing Log Analytics Workspace resource ID. Note: This value is not required as per the resource type. However, not providing it currently causes an issue that is tracked [here](https://github.com/Azure/bicep/issues/9990). -- Required: Yes -- Type: string - ### Parameter: `logsDestination` Logs destination. + - Required: No - Type: string - Default: `'log-analytics'` -### Parameter: `name` - -Name of the Container Apps Managed Environment. -- Required: Yes -- Type: string - ### Parameter: `platformReservedCidr` IP range in CIDR notation that can be reserved for environment infrastructure IP addresses. It must not overlap with any other provided IP ranges and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. + - Required: No - Type: string - Default: `''` @@ -444,6 +467,7 @@ IP range in CIDR notation that can be reserved for environment infrastructure IP ### Parameter: `platformReservedDnsIP` An IP address from the IP range defined by "platformReservedCidr" that will be reserved for the internal DNS server. It must not be the first address in the range and can only be used when the environment is deployed into a virtual network. If not provided, it will be set with a default value by the platform. + - Required: No - Type: string - Default: `''` @@ -451,74 +475,96 @@ An IP address from the IP range defined by "platformReservedCidr" that will be r ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` Managed environment SKU. + - Required: No - Type: string - Default: `'Consumption'` @@ -533,12 +579,14 @@ Managed environment SKU. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `workloadProfiles` Workload profiles configured for the Managed Environment. + - Required: No - Type: array - Default: `[]` @@ -546,6 +594,7 @@ Workload profiles configured for the Managed Environment. ### Parameter: `zoneRedundant` Whether or not this Managed Environment is zone-redundant. + - Required: No - Type: bool - Default: `False` diff --git a/modules/authorization/lock/README.md b/modules/authorization/lock/README.md index 7e2543aee3..20a037b24f 100644 --- a/modules/authorization/lock/README.md +++ b/modules/authorization/lock/README.md @@ -158,16 +158,10 @@ module lock 'br:bicep/modules/authorization.lock:1.0.0' = { | [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. | | [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `level` Set lock level. + - Required: Yes - Type: string - Allowed: @@ -178,9 +172,18 @@ Set lock level. ] ``` +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[deployment().location]` @@ -188,6 +191,7 @@ Location for all resources. ### Parameter: `notes` The decription attached to the lock. + - Required: No - Type: string - Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` @@ -195,6 +199,7 @@ The decription attached to the lock. ### Parameter: `resourceGroupName` Name of the Resource Group to assign the lock to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided lock to the resource group. + - Required: No - Type: string - Default: `''` @@ -202,6 +207,7 @@ Name of the Resource Group to assign the lock to. If Resource Group name is prov ### Parameter: `subscriptionId` Subscription ID of the subscription to assign the lock to. If not provided, will use the current scope for deployment. If no resource group name is provided, the module deploys at subscription level, therefore assigns the provided locks to the subscription. + - Required: No - Type: string - Default: `[subscription().id]` diff --git a/modules/authorization/lock/resource-group/README.md b/modules/authorization/lock/resource-group/README.md index 2195850acd..a74295ef1a 100644 --- a/modules/authorization/lock/resource-group/README.md +++ b/modules/authorization/lock/resource-group/README.md @@ -31,16 +31,10 @@ This module deploys an Authorization Lock at a Resource Group scope. | [`name`](#parameter-name) | string | The name of the lock. | | [`notes`](#parameter-notes) | string | The decription attached to the lock. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `level` Set lock level. + - Required: Yes - Type: string - Allowed: @@ -51,9 +45,18 @@ Set lock level. ] ``` +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `name` The name of the lock. + - Required: No - Type: string - Default: `[format('{0}-lock', parameters('level'))]` @@ -61,6 +64,7 @@ The name of the lock. ### Parameter: `notes` The decription attached to the lock. + - Required: No - Type: string - Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` diff --git a/modules/authorization/lock/subscription/README.md b/modules/authorization/lock/subscription/README.md index 7da7ff5614..2458071e3c 100644 --- a/modules/authorization/lock/subscription/README.md +++ b/modules/authorization/lock/subscription/README.md @@ -31,16 +31,10 @@ This module deploys an Authorization Lock at a Subscription scope. | [`name`](#parameter-name) | string | The name of the lock. | | [`notes`](#parameter-notes) | string | The decription attached to the lock. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `level` Set lock level. + - Required: Yes - Type: string - Allowed: @@ -51,9 +45,18 @@ Set lock level. ] ``` +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `name` The name of the lock. + - Required: No - Type: string - Default: `[format('{0}-lock', parameters('level'))]` @@ -61,6 +64,7 @@ The name of the lock. ### Parameter: `notes` The decription attached to the lock. + - Required: No - Type: string - Default: `[if(equals(parameters('level'), 'CanNotDelete'), 'Cannot delete resource or child resources.', 'Cannot modify the resource or child resources.')]` diff --git a/modules/authorization/policy-assignment/README.md b/modules/authorization/policy-assignment/README.md index ec478b7f18..fcbd860880 100644 --- a/modules/authorization/policy-assignment/README.md +++ b/modules/authorization/policy-assignment/README.md @@ -869,9 +869,24 @@ module policyAssignment 'br:bicep/modules/authorization.policy-assignment:1.0.0' | [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. | | [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. + +- Required: Yes +- Type: string + ### Parameter: `description` This message will be part of response in case of policy violation. + - Required: No - Type: string - Default: `''` @@ -879,6 +894,7 @@ This message will be part of response in case of policy violation. ### Parameter: `displayName` The display name of the policy assignment. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -886,6 +902,7 @@ The display name of the policy assignment. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -893,6 +910,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enforcementMode` The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. + - Required: No - Type: string - Default: `'Default'` @@ -907,6 +925,7 @@ The policy assignment enforcement mode. Possible values are Default and DoNotEnf ### Parameter: `identity` The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. + - Required: No - Type: string - Default: `'SystemAssigned'` @@ -922,6 +941,7 @@ The managed identity associated with the policy assignment. Policy assignments m ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[deployment().location]` @@ -929,6 +949,7 @@ Location for all resources. ### Parameter: `managementGroupId` The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -936,19 +957,15 @@ The Target Scope for the Policy. The name of the management group for the policy ### Parameter: `metadata` The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope, 64 characters for subscription and resource group scopes. -- Required: Yes -- Type: string - ### Parameter: `nonComplianceMessages` The messages that describe why a resource is non-compliant with the policy. + - Required: No - Type: array - Default: `[]` @@ -956,6 +973,7 @@ The messages that describe why a resource is non-compliant with the policy. ### Parameter: `notScopes` The policy excluded scopes. + - Required: No - Type: array - Default: `[]` @@ -963,6 +981,7 @@ The policy excluded scopes. ### Parameter: `overrides` The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. + - Required: No - Type: array - Default: `[]` @@ -970,19 +989,15 @@ The policy property value override. Allows changing the effect of a policy defin ### Parameter: `parameters` Parameters for the policy assignment if needed. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyDefinitionId` - -Specifies the ID of the policy definition or policy set definition being assigned. -- Required: Yes -- Type: string - ### Parameter: `resourceGroupName` The Target Scope for the Policy. The name of the resource group for the policy assignment. + - Required: No - Type: string - Default: `''` @@ -990,6 +1005,7 @@ The Target Scope for the Policy. The name of the resource group for the policy a ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. + - Required: No - Type: array - Default: `[]` @@ -997,6 +1013,7 @@ The resource selector list to filter policies by resource properties. Facilitate ### Parameter: `roleDefinitionIds` The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. + - Required: No - Type: array - Default: `[]` @@ -1004,6 +1021,7 @@ The IDs Of the Azure Role Definition list that is used to assign permissions to ### Parameter: `subscriptionId` The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. + - Required: No - Type: string - Default: `''` @@ -1011,6 +1029,7 @@ The Target Scope for the Policy. The subscription ID of the subscription for the ### Parameter: `userAssignedIdentityId` The Resource ID for the user assigned identity to assign to the policy assignment. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-assignment/management-group/README.md b/modules/authorization/policy-assignment/management-group/README.md index 76cbe8d5b4..c49026c652 100644 --- a/modules/authorization/policy-assignment/management-group/README.md +++ b/modules/authorization/policy-assignment/management-group/README.md @@ -45,9 +45,24 @@ This module deploys a Policy Assignment at a Management Group scope. | [`roleDefinitionIds`](#parameter-roledefinitionids) | array | The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. | | [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. + +- Required: Yes +- Type: string + ### Parameter: `description` This message will be part of response in case of policy violation. + - Required: No - Type: string - Default: `''` @@ -55,6 +70,7 @@ This message will be part of response in case of policy violation. ### Parameter: `displayName` The display name of the policy assignment. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -62,6 +78,7 @@ The display name of the policy assignment. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -69,6 +86,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enforcementMode` The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. + - Required: No - Type: string - Default: `'Default'` @@ -83,6 +101,7 @@ The policy assignment enforcement mode. Possible values are Default and DoNotEnf ### Parameter: `identity` The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. + - Required: No - Type: string - Default: `'SystemAssigned'` @@ -98,6 +117,7 @@ The managed identity associated with the policy assignment. Policy assignments m ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[deployment().location]` @@ -105,6 +125,7 @@ Location for all resources. ### Parameter: `managementGroupId` The Target Scope for the Policy. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -112,19 +133,15 @@ The Target Scope for the Policy. The name of the management group for the policy ### Parameter: `metadata` The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy assignment. Maximum length is 24 characters for management group scope. -- Required: Yes -- Type: string - ### Parameter: `nonComplianceMessages` The messages that describe why a resource is non-compliant with the policy. + - Required: No - Type: array - Default: `[]` @@ -132,6 +149,7 @@ The messages that describe why a resource is non-compliant with the policy. ### Parameter: `notScopes` The policy excluded scopes. + - Required: No - Type: array - Default: `[]` @@ -139,6 +157,7 @@ The policy excluded scopes. ### Parameter: `overrides` The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. + - Required: No - Type: array - Default: `[]` @@ -146,19 +165,15 @@ The policy property value override. Allows changing the effect of a policy defin ### Parameter: `parameters` Parameters for the policy assignment if needed. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyDefinitionId` - -Specifies the ID of the policy definition or policy set definition being assigned. -- Required: Yes -- Type: string - ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. + - Required: No - Type: array - Default: `[]` @@ -166,6 +181,7 @@ The resource selector list to filter policies by resource properties. Facilitate ### Parameter: `roleDefinitionIds` The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. + - Required: No - Type: array - Default: `[]` @@ -173,6 +189,7 @@ The IDs Of the Azure Role Definition list that is used to assign permissions to ### Parameter: `userAssignedIdentityId` The Resource ID for the user assigned identity to assign to the policy assignment. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-assignment/resource-group/README.md b/modules/authorization/policy-assignment/resource-group/README.md index 450859dbd6..da543f77c1 100644 --- a/modules/authorization/policy-assignment/resource-group/README.md +++ b/modules/authorization/policy-assignment/resource-group/README.md @@ -46,9 +46,24 @@ This module deploys a Policy Assignment at a Resource Group scope. | [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | | [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. + +- Required: Yes +- Type: string + ### Parameter: `description` This message will be part of response in case of policy violation. + - Required: No - Type: string - Default: `''` @@ -56,6 +71,7 @@ This message will be part of response in case of policy violation. ### Parameter: `displayName` The display name of the policy assignment. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -63,6 +79,7 @@ The display name of the policy assignment. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -70,6 +87,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enforcementMode` The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. + - Required: No - Type: string - Default: `'Default'` @@ -84,6 +102,7 @@ The policy assignment enforcement mode. Possible values are Default and DoNotEnf ### Parameter: `identity` The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. + - Required: No - Type: string - Default: `'SystemAssigned'` @@ -99,6 +118,7 @@ The managed identity associated with the policy assignment. Policy assignments m ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -106,19 +126,15 @@ Location for all resources. ### Parameter: `metadata` The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy assignment. Maximum length is 64 characters for resource group scope. -- Required: Yes -- Type: string - ### Parameter: `nonComplianceMessages` The messages that describe why a resource is non-compliant with the policy. + - Required: No - Type: array - Default: `[]` @@ -126,6 +142,7 @@ The messages that describe why a resource is non-compliant with the policy. ### Parameter: `notScopes` The policy excluded scopes. + - Required: No - Type: array - Default: `[]` @@ -133,6 +150,7 @@ The policy excluded scopes. ### Parameter: `overrides` The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. + - Required: No - Type: array - Default: `[]` @@ -140,19 +158,15 @@ The policy property value override. Allows changing the effect of a policy defin ### Parameter: `parameters` Parameters for the policy assignment if needed. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyDefinitionId` - -Specifies the ID of the policy definition or policy set definition being assigned. -- Required: Yes -- Type: string - ### Parameter: `resourceGroupName` The Target Scope for the Policy. The name of the resource group for the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[resourceGroup().name]` @@ -160,6 +174,7 @@ The Target Scope for the Policy. The name of the resource group for the policy a ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. + - Required: No - Type: array - Default: `[]` @@ -167,6 +182,7 @@ The resource selector list to filter policies by resource properties. Facilitate ### Parameter: `roleDefinitionIds` The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. + - Required: No - Type: array - Default: `[]` @@ -174,6 +190,7 @@ The IDs Of the Azure Role Definition list that is used to assign permissions to ### Parameter: `subscriptionId` The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[subscription().subscriptionId]` @@ -181,6 +198,7 @@ The Target Scope for the Policy. The subscription ID of the subscription for the ### Parameter: `userAssignedIdentityId` The Resource ID for the user assigned identity to assign to the policy assignment. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-assignment/subscription/README.md b/modules/authorization/policy-assignment/subscription/README.md index 112ba9f51f..3cdd823dd4 100644 --- a/modules/authorization/policy-assignment/subscription/README.md +++ b/modules/authorization/policy-assignment/subscription/README.md @@ -45,9 +45,24 @@ This module deploys a Policy Assignment at a Subscription scope. | [`subscriptionId`](#parameter-subscriptionid) | string | The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. | | [`userAssignedIdentityId`](#parameter-userassignedidentityid) | string | The Resource ID for the user assigned identity to assign to the policy assignment. | +### Parameter: `name` + +Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitionId` + +Specifies the ID of the policy definition or policy set definition being assigned. + +- Required: Yes +- Type: string + ### Parameter: `description` This message will be part of response in case of policy violation. + - Required: No - Type: string - Default: `''` @@ -55,6 +70,7 @@ This message will be part of response in case of policy violation. ### Parameter: `displayName` The display name of the policy assignment. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -62,6 +78,7 @@ The display name of the policy assignment. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -69,6 +86,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enforcementMode` The policy assignment enforcement mode. Possible values are Default and DoNotEnforce. - Default or DoNotEnforce. + - Required: No - Type: string - Default: `'Default'` @@ -83,6 +101,7 @@ The policy assignment enforcement mode. Possible values are Default and DoNotEnf ### Parameter: `identity` The managed identity associated with the policy assignment. Policy assignments must include a resource identity when assigning 'Modify' policy definitions. + - Required: No - Type: string - Default: `'SystemAssigned'` @@ -98,6 +117,7 @@ The managed identity associated with the policy assignment. Policy assignments m ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[deployment().location]` @@ -105,19 +125,15 @@ Location for all resources. ### Parameter: `metadata` The policy assignment metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy assignment. Maximum length is 64 characters for subscription scope. -- Required: Yes -- Type: string - ### Parameter: `nonComplianceMessages` The messages that describe why a resource is non-compliant with the policy. + - Required: No - Type: array - Default: `[]` @@ -125,6 +141,7 @@ The messages that describe why a resource is non-compliant with the policy. ### Parameter: `notScopes` The policy excluded scopes. + - Required: No - Type: array - Default: `[]` @@ -132,6 +149,7 @@ The policy excluded scopes. ### Parameter: `overrides` The policy property value override. Allows changing the effect of a policy definition without modifying the underlying policy definition or using a parameterized effect in the policy definition. + - Required: No - Type: array - Default: `[]` @@ -139,19 +157,15 @@ The policy property value override. Allows changing the effect of a policy defin ### Parameter: `parameters` Parameters for the policy assignment if needed. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyDefinitionId` - -Specifies the ID of the policy definition or policy set definition being assigned. -- Required: Yes -- Type: string - ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. Facilitates safe deployment practices (SDP) by enabling gradual roll out policy assignments based on factors like resource location, resource type, or whether a resource has a location. + - Required: No - Type: array - Default: `[]` @@ -159,6 +173,7 @@ The resource selector list to filter policies by resource properties. Facilitate ### Parameter: `roleDefinitionIds` The IDs Of the Azure Role Definition list that is used to assign permissions to the identity. You need to provide either the fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'.. See https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles for the list IDs for built-in Roles. They must match on what is on the policy definition. + - Required: No - Type: array - Default: `[]` @@ -166,6 +181,7 @@ The IDs Of the Azure Role Definition list that is used to assign permissions to ### Parameter: `subscriptionId` The Target Scope for the Policy. The subscription ID of the subscription for the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[subscription().subscriptionId]` @@ -173,6 +189,7 @@ The Target Scope for the Policy. The subscription ID of the subscription for the ### Parameter: `userAssignedIdentityId` The Resource ID for the user assigned identity to assign to the policy assignment. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-definition/README.md b/modules/authorization/policy-definition/README.md index ed1607f680..4e0ff7369a 100644 --- a/modules/authorization/policy-definition/README.md +++ b/modules/authorization/policy-definition/README.md @@ -550,9 +550,24 @@ module policyDefinition 'br:bicep/modules/authorization.policy-definition:1.0.0' | [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | | [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. + +- Required: Yes +- Type: string + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. + +- Required: Yes +- Type: object + ### Parameter: `description` The policy definition description. + - Required: No - Type: string - Default: `''` @@ -560,6 +575,7 @@ The policy definition description. ### Parameter: `displayName` The display name of the policy definition. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -567,6 +583,7 @@ The display name of the policy definition. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -574,6 +591,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -581,6 +599,7 @@ Location deployment metadata. ### Parameter: `managementGroupId` The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -588,6 +607,7 @@ The group ID of the Management Group (Scope). If not provided, will use the curr ### Parameter: `metadata` The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` @@ -595,6 +615,7 @@ The policy Definition metadata. Metadata is an open ended object and is typicall ### Parameter: `mode` The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. + - Required: No - Type: string - Default: `'All'` @@ -610,28 +631,18 @@ The policy definition mode. Default is All, Some examples are All, Indexed, Micr ] ``` -### Parameter: `name` - -Specifies the name of the policy definition. Maximum length is 64 characters for management group scope and subscription scope. -- Required: Yes -- Type: string - ### Parameter: `parameters` The policy definition parameters that can be used in policy definition references. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyRule` - -The Policy Rule details for the Policy Definition. -- Required: Yes -- Type: object - ### Parameter: `subscriptionId` The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-definition/management-group/README.md b/modules/authorization/policy-definition/management-group/README.md index 63cfc770a2..610d78baf7 100644 --- a/modules/authorization/policy-definition/management-group/README.md +++ b/modules/authorization/policy-definition/management-group/README.md @@ -36,9 +36,24 @@ This module deploys a Policy Definition at a Management Group scope. | [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | | [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. + +- Required: Yes +- Type: string + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. + +- Required: Yes +- Type: object + ### Parameter: `description` The policy definition description. + - Required: No - Type: string - Default: `''` @@ -46,6 +61,7 @@ The policy definition description. ### Parameter: `displayName` The display name of the policy definition. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -53,6 +69,7 @@ The display name of the policy definition. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -60,6 +77,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -67,6 +85,7 @@ Location deployment metadata. ### Parameter: `metadata` The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` @@ -74,6 +93,7 @@ The policy Definition metadata. Metadata is an open ended object and is typicall ### Parameter: `mode` The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. + - Required: No - Type: string - Default: `'All'` @@ -89,25 +109,14 @@ The policy definition mode. Default is All, Some examples are All, Indexed, Micr ] ``` -### Parameter: `name` - -Specifies the name of the policy definition. Maximum length is 64 characters. -- Required: Yes -- Type: string - ### Parameter: `parameters` The policy definition parameters that can be used in policy definition references. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyRule` - -The Policy Rule details for the Policy Definition. -- Required: Yes -- Type: object - ## Outputs diff --git a/modules/authorization/policy-definition/subscription/README.md b/modules/authorization/policy-definition/subscription/README.md index c7e4f1a2de..6de136d33a 100644 --- a/modules/authorization/policy-definition/subscription/README.md +++ b/modules/authorization/policy-definition/subscription/README.md @@ -36,9 +36,24 @@ This module deploys a Policy Definition at a Subscription scope. | [`mode`](#parameter-mode) | string | The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. | | [`parameters`](#parameter-parameters) | object | The policy definition parameters that can be used in policy definition references. | +### Parameter: `name` + +Specifies the name of the policy definition. Maximum length is 64 characters. + +- Required: Yes +- Type: string + +### Parameter: `policyRule` + +The Policy Rule details for the Policy Definition. + +- Required: Yes +- Type: object + ### Parameter: `description` The policy definition description. + - Required: No - Type: string - Default: `''` @@ -46,6 +61,7 @@ The policy definition description. ### Parameter: `displayName` The display name of the policy definition. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -53,6 +69,7 @@ The display name of the policy definition. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -60,6 +77,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -67,6 +85,7 @@ Location deployment metadata. ### Parameter: `metadata` The policy Definition metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` @@ -74,6 +93,7 @@ The policy Definition metadata. Metadata is an open ended object and is typicall ### Parameter: `mode` The policy definition mode. Default is All, Some examples are All, Indexed, Microsoft.KeyVault.Data. + - Required: No - Type: string - Default: `'All'` @@ -89,25 +109,14 @@ The policy definition mode. Default is All, Some examples are All, Indexed, Micr ] ``` -### Parameter: `name` - -Specifies the name of the policy definition. Maximum length is 64 characters. -- Required: Yes -- Type: string - ### Parameter: `parameters` The policy definition parameters that can be used in policy definition references. + - Required: No - Type: object - Default: `{}` -### Parameter: `policyRule` - -The Policy Rule details for the Policy Definition. -- Required: Yes -- Type: object - ## Outputs diff --git a/modules/authorization/policy-exemption/README.md b/modules/authorization/policy-exemption/README.md index 826ca7aacc..365732cdd7 100644 --- a/modules/authorization/policy-exemption/README.md +++ b/modules/authorization/policy-exemption/README.md @@ -546,9 +546,24 @@ module policyExemption 'br:bicep/modules/authorization.policy-exemption:1.0.0' = | [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | | [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. | +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. + +- Required: Yes +- Type: string + ### Parameter: `assignmentScopeValidation` The option whether validate the exemption is at or under the assignment scope. + - Required: No - Type: string - Default: `''` @@ -564,6 +579,7 @@ The option whether validate the exemption is at or under the assignment scope. ### Parameter: `description` The description of the policy exemption. + - Required: No - Type: string - Default: `''` @@ -571,6 +587,7 @@ The description of the policy exemption. ### Parameter: `displayName` The display name of the policy exemption. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -578,6 +595,7 @@ The display name of the policy exemption. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -585,6 +603,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exemptionCategory` The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. + - Required: No - Type: string - Default: `'Mitigated'` @@ -599,6 +618,7 @@ The policy exemption category. Possible values are Waiver and Mitigated. Default ### Parameter: `expiresOn` The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. + - Required: No - Type: string - Default: `''` @@ -606,6 +626,7 @@ The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of th ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -613,6 +634,7 @@ Location deployment metadata. ### Parameter: `managementGroupId` The group ID of the management group to be exempted from the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -620,25 +642,15 @@ The group ID of the management group to be exempted from the policy assignment. ### Parameter: `metadata` The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy exemption. Maximum length is 64 characters for management group, subscription and resource group scopes. -- Required: Yes -- Type: string - -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that is being exempted. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceIds` The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. + - Required: No - Type: array - Default: `[]` @@ -646,6 +658,7 @@ The policy definition reference ID list when the associated policy assignment is ### Parameter: `resourceGroupName` The name of the resource group to be exempted from the policy assignment. Must also use the subscription ID parameter. + - Required: No - Type: string - Default: `''` @@ -653,6 +666,7 @@ The name of the resource group to be exempted from the policy assignment. Must a ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. + - Required: No - Type: array - Default: `[]` @@ -660,6 +674,7 @@ The resource selector list to filter policies by resource properties. ### Parameter: `subscriptionId` The subscription ID of the subscription to be exempted from the policy assignment. Cannot use with management group ID parameter. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-exemption/management-group/README.md b/modules/authorization/policy-exemption/management-group/README.md index b244cc53ba..303d90d848 100644 --- a/modules/authorization/policy-exemption/management-group/README.md +++ b/modules/authorization/policy-exemption/management-group/README.md @@ -39,9 +39,24 @@ This module deploys a Policy Exemption at a Management Group scope. | [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | | [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. + +- Required: Yes +- Type: string + ### Parameter: `assignmentScopeValidation` The option whether validate the exemption is at or under the assignment scope. + - Required: No - Type: string - Default: `''` @@ -57,6 +72,7 @@ The option whether validate the exemption is at or under the assignment scope. ### Parameter: `description` The description of the policy exemption. + - Required: No - Type: string - Default: `''` @@ -64,6 +80,7 @@ The description of the policy exemption. ### Parameter: `displayName` The display name of the policy assignment. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -71,6 +88,7 @@ The display name of the policy assignment. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -78,6 +96,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exemptionCategory` The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. + - Required: No - Type: string - Default: `'Mitigated'` @@ -92,6 +111,7 @@ The policy exemption category. Possible values are Waiver and Mitigated. Default ### Parameter: `expiresOn` The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. + - Required: No - Type: string - Default: `''` @@ -99,6 +119,7 @@ The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of th ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -106,25 +127,15 @@ Location deployment metadata. ### Parameter: `metadata` The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy exemption. Maximum length is 64 characters for management group scope. -- Required: Yes -- Type: string - -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that is being exempted. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceIds` The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. + - Required: No - Type: array - Default: `[]` @@ -132,6 +143,7 @@ The policy definition reference ID list when the associated policy assignment is ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. + - Required: No - Type: array - Default: `[]` diff --git a/modules/authorization/policy-exemption/resource-group/README.md b/modules/authorization/policy-exemption/resource-group/README.md index 96f7a76d2a..0db23d6178 100644 --- a/modules/authorization/policy-exemption/resource-group/README.md +++ b/modules/authorization/policy-exemption/resource-group/README.md @@ -38,9 +38,24 @@ This module deploys a Policy Exemption at a Resource Group scope. | [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | | [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. + +- Required: Yes +- Type: string + ### Parameter: `assignmentScopeValidation` The option whether validate the exemption is at or under the assignment scope. + - Required: No - Type: string - Default: `''` @@ -56,6 +71,7 @@ The option whether validate the exemption is at or under the assignment scope. ### Parameter: `description` The description of the policy exemption. + - Required: No - Type: string - Default: `''` @@ -63,6 +79,7 @@ The description of the policy exemption. ### Parameter: `displayName` The display name of the policy exemption. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -70,6 +87,7 @@ The display name of the policy exemption. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -77,6 +95,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exemptionCategory` The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. + - Required: No - Type: string - Default: `'Mitigated'` @@ -91,6 +110,7 @@ The policy exemption category. Possible values are Waiver and Mitigated. Default ### Parameter: `expiresOn` The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. + - Required: No - Type: string - Default: `''` @@ -98,25 +118,15 @@ The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of th ### Parameter: `metadata` The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy exemption. Maximum length is 64 characters for resource group scope. -- Required: Yes -- Type: string - -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that is being exempted. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceIds` The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. + - Required: No - Type: array - Default: `[]` @@ -124,6 +134,7 @@ The policy definition reference ID list when the associated policy assignment is ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. + - Required: No - Type: array - Default: `[]` diff --git a/modules/authorization/policy-exemption/subscription/README.md b/modules/authorization/policy-exemption/subscription/README.md index 7b9995a326..3240cff663 100644 --- a/modules/authorization/policy-exemption/subscription/README.md +++ b/modules/authorization/policy-exemption/subscription/README.md @@ -39,9 +39,24 @@ This module deploys a Policy Exemption at a Subscription scope. | [`policyDefinitionReferenceIds`](#parameter-policydefinitionreferenceids) | array | The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. | | [`resourceSelectors`](#parameter-resourceselectors) | array | The resource selector list to filter policies by resource properties. | +### Parameter: `name` + +Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that is being exempted. + +- Required: Yes +- Type: string + ### Parameter: `assignmentScopeValidation` The option whether validate the exemption is at or under the assignment scope. + - Required: No - Type: string - Default: `''` @@ -57,6 +72,7 @@ The option whether validate the exemption is at or under the assignment scope. ### Parameter: `description` The description of the policy exemption. + - Required: No - Type: string - Default: `''` @@ -64,6 +80,7 @@ The description of the policy exemption. ### Parameter: `displayName` The display name of the policy exemption. Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -71,6 +88,7 @@ The display name of the policy exemption. Maximum length is 128 characters. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -78,6 +96,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exemptionCategory` The policy exemption category. Possible values are Waiver and Mitigated. Default is Mitigated. + - Required: No - Type: string - Default: `'Mitigated'` @@ -92,6 +111,7 @@ The policy exemption category. Possible values are Waiver and Mitigated. Default ### Parameter: `expiresOn` The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of the policy exemption. e.g. 2021-10-02T03:57:00.000Z. + - Required: No - Type: string - Default: `''` @@ -99,6 +119,7 @@ The expiration date and time (in UTC ISO 8601 format yyyy-MM-ddTHH:mm:ssZ) of th ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -106,25 +127,15 @@ Location deployment metadata. ### Parameter: `metadata` The policy exemption metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy exemption. Maximum length is 64 characters for subscription scope. -- Required: Yes -- Type: string - -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that is being exempted. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceIds` The policy definition reference ID list when the associated policy assignment is an assignment of a policy set definition. + - Required: No - Type: array - Default: `[]` @@ -132,6 +143,7 @@ The policy definition reference ID list when the associated policy assignment is ### Parameter: `resourceSelectors` The resource selector list to filter policies by resource properties. + - Required: No - Type: array - Default: `[]` diff --git a/modules/authorization/policy-set-definition/README.md b/modules/authorization/policy-set-definition/README.md index ea439e2b56..7cca9b5479 100644 --- a/modules/authorization/policy-set-definition/README.md +++ b/modules/authorization/policy-set-definition/README.md @@ -482,9 +482,24 @@ module policySetDefinition 'br:bicep/modules/authorization.policy-set-definition | [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | | [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. | +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. + +- Required: Yes +- Type: array + ### Parameter: `description` The description name of the Set Definition (Initiative). + - Required: No - Type: string - Default: `''` @@ -492,6 +507,7 @@ The description name of the Set Definition (Initiative). ### Parameter: `displayName` The display name of the Set Definition (Initiative). Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -499,6 +515,7 @@ The display name of the Set Definition (Initiative). Maximum length is 128 chara ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -506,6 +523,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -513,6 +531,7 @@ Location deployment metadata. ### Parameter: `managementGroupId` The group ID of the Management Group (Scope). If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -520,19 +539,15 @@ The group ID of the Management Group (Scope). If not provided, will use the curr ### Parameter: `metadata` The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy Set Definition (Initiative). -- Required: Yes -- Type: string - ### Parameter: `parameters` The Set Definition (Initiative) parameters that can be used in policy definition references. + - Required: No - Type: object - Default: `{}` @@ -540,19 +555,15 @@ The Set Definition (Initiative) parameters that can be used in policy definition ### Parameter: `policyDefinitionGroups` The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). + - Required: No - Type: array - Default: `[]` -### Parameter: `policyDefinitions` - -The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. -- Required: Yes -- Type: array - ### Parameter: `subscriptionId` The subscription ID of the subscription (Scope). Cannot be used with managementGroupId. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/policy-set-definition/management-group/README.md b/modules/authorization/policy-set-definition/management-group/README.md index bc32aac337..b34845fcab 100644 --- a/modules/authorization/policy-set-definition/management-group/README.md +++ b/modules/authorization/policy-set-definition/management-group/README.md @@ -36,9 +36,24 @@ This module deploys a Policy Set Definition (Initiative) at a Management Group s | [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | | [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. + +- Required: Yes +- Type: array + ### Parameter: `description` The description name of the Set Definition (Initiative). + - Required: No - Type: string - Default: `''` @@ -46,6 +61,7 @@ The description name of the Set Definition (Initiative). ### Parameter: `displayName` The display name of the Set Definition (Initiative). Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -53,6 +69,7 @@ The display name of the Set Definition (Initiative). Maximum length is 128 chara ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -60,6 +77,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -67,19 +85,15 @@ Location deployment metadata. ### Parameter: `metadata` The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy Set Definition (Initiative). -- Required: Yes -- Type: string - ### Parameter: `parameters` The Set Definition (Initiative) parameters that can be used in policy definition references. + - Required: No - Type: object - Default: `{}` @@ -87,16 +101,11 @@ The Set Definition (Initiative) parameters that can be used in policy definition ### Parameter: `policyDefinitionGroups` The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). + - Required: No - Type: array - Default: `[]` -### Parameter: `policyDefinitions` - -The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. -- Required: Yes -- Type: array - ## Outputs diff --git a/modules/authorization/policy-set-definition/subscription/README.md b/modules/authorization/policy-set-definition/subscription/README.md index 61c950bffb..1b567eeea5 100644 --- a/modules/authorization/policy-set-definition/subscription/README.md +++ b/modules/authorization/policy-set-definition/subscription/README.md @@ -36,9 +36,24 @@ This module deploys a Policy Set Definition (Initiative) at a Subscription scope | [`parameters`](#parameter-parameters) | object | The Set Definition (Initiative) parameters that can be used in policy definition references. | | [`policyDefinitionGroups`](#parameter-policydefinitiongroups) | array | The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). | +### Parameter: `name` + +Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. + +- Required: Yes +- Type: string + +### Parameter: `policyDefinitions` + +The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. + +- Required: Yes +- Type: array + ### Parameter: `description` The description name of the Set Definition (Initiative). + - Required: No - Type: string - Default: `''` @@ -46,6 +61,7 @@ The description name of the Set Definition (Initiative). ### Parameter: `displayName` The display name of the Set Definition (Initiative). Maximum length is 128 characters. + - Required: No - Type: string - Default: `''` @@ -53,6 +69,7 @@ The display name of the Set Definition (Initiative). Maximum length is 128 chara ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -60,6 +77,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -67,19 +85,15 @@ Location deployment metadata. ### Parameter: `metadata` The Set Definition (Initiative) metadata. Metadata is an open ended object and is typically a collection of key-value pairs. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Specifies the name of the policy Set Definition (Initiative). Maximum length is 64 characters for subscription scope. -- Required: Yes -- Type: string - ### Parameter: `parameters` The Set Definition (Initiative) parameters that can be used in policy definition references. + - Required: No - Type: object - Default: `{}` @@ -87,16 +101,11 @@ The Set Definition (Initiative) parameters that can be used in policy definition ### Parameter: `policyDefinitionGroups` The metadata describing groups of policy definition references within the Policy Set Definition (Initiative). + - Required: No - Type: array - Default: `[]` -### Parameter: `policyDefinitions` - -The array of Policy definitions object to include for this policy set. Each object must include the Policy definition ID, and optionally other properties like parameters. -- Required: Yes -- Type: array - ## Outputs diff --git a/modules/authorization/role-assignment/README.md b/modules/authorization/role-assignment/README.md index f8980b222d..f71f9cf46a 100644 --- a/modules/authorization/role-assignment/README.md +++ b/modules/authorization/role-assignment/README.md @@ -415,9 +415,24 @@ module roleAssignment 'br:bicep/modules/authorization.role-assignment:1.0.0' = { | [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. | | [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. | +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). + +- Required: Yes +- Type: string + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + ### Parameter: `condition` The conditions on the role assignment. This limits the resources it can be assigned to. + - Required: No - Type: string - Default: `''` @@ -425,6 +440,7 @@ The conditions on the role assignment. This limits the resources it can be assig ### Parameter: `conditionVersion` Version of the condition. Currently accepted value is "2.0". + - Required: No - Type: string - Default: `'2.0'` @@ -438,6 +454,7 @@ Version of the condition. Currently accepted value is "2.0". ### Parameter: `delegatedManagedIdentityResourceId` ID of the delegated managed identity resource. + - Required: No - Type: string - Default: `''` @@ -445,6 +462,7 @@ ID of the delegated managed identity resource. ### Parameter: `description` The description of the role assignment. + - Required: No - Type: string - Default: `''` @@ -452,6 +470,7 @@ The description of the role assignment. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -459,6 +478,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -466,19 +486,15 @@ Location deployment metadata. ### Parameter: `managementGroupId` Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` -### Parameter: `principalId` - -The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). -- Required: Yes -- Type: string - ### Parameter: `principalType` The principal type of the assigned principal ID. + - Required: No - Type: string - Default: `''` @@ -497,19 +513,15 @@ The principal type of the assigned principal ID. ### Parameter: `resourceGroupName` Name of the Resource Group to assign the RBAC role to. If Resource Group name is provided, and Subscription ID is provided, the module deploys at resource group level, therefore assigns the provided RBAC role to the resource group. + - Required: No - Type: string - Default: `''` -### Parameter: `roleDefinitionIdOrName` - -You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: Yes -- Type: string - ### Parameter: `subscriptionId` Subscription ID of the subscription to assign the RBAC role to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided RBAC role to the subscription. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/role-assignment/management-group/README.md b/modules/authorization/role-assignment/management-group/README.md index 07603f6817..e021e05271 100644 --- a/modules/authorization/role-assignment/management-group/README.md +++ b/modules/authorization/role-assignment/management-group/README.md @@ -37,9 +37,24 @@ This module deploys a Role Assignment at a Management Group scope. | [`managementGroupId`](#parameter-managementgroupid) | string | Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | | [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). + +- Required: Yes +- Type: string + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + ### Parameter: `condition` The conditions on the role assignment. This limits the resources it can be assigned to. + - Required: No - Type: string - Default: `''` @@ -47,6 +62,7 @@ The conditions on the role assignment. This limits the resources it can be assig ### Parameter: `conditionVersion` Version of the condition. Currently accepted value is "2.0". + - Required: No - Type: string - Default: `'2.0'` @@ -60,6 +76,7 @@ Version of the condition. Currently accepted value is "2.0". ### Parameter: `delegatedManagedIdentityResourceId` ID of the delegated managed identity resource. + - Required: No - Type: string - Default: `''` @@ -67,6 +84,7 @@ ID of the delegated managed identity resource. ### Parameter: `description` The description of the role assignment. + - Required: No - Type: string - Default: `''` @@ -74,6 +92,7 @@ The description of the role assignment. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -81,6 +100,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -88,19 +108,15 @@ Location deployment metadata. ### Parameter: `managementGroupId` Group ID of the Management Group to assign the RBAC role to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` -### Parameter: `principalId` - -The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). -- Required: Yes -- Type: string - ### Parameter: `principalType` The principal type of the assigned principal ID. + - Required: No - Type: string - Default: `''` @@ -116,12 +132,6 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `roleDefinitionIdOrName` - -You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/authorization/role-assignment/resource-group/README.md b/modules/authorization/role-assignment/resource-group/README.md index 941feeb254..1a09562d67 100644 --- a/modules/authorization/role-assignment/resource-group/README.md +++ b/modules/authorization/role-assignment/resource-group/README.md @@ -37,9 +37,24 @@ This module deploys a Role Assignment at a Resource Group scope. | [`resourceGroupName`](#parameter-resourcegroupname) | string | Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. | | [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). + +- Required: Yes +- Type: string + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + ### Parameter: `condition` The conditions on the role assignment. This limits the resources it can be assigned to. + - Required: No - Type: string - Default: `''` @@ -47,6 +62,7 @@ The conditions on the role assignment. This limits the resources it can be assig ### Parameter: `conditionVersion` Version of the condition. Currently accepted value is "2.0". + - Required: No - Type: string - Default: `'2.0'` @@ -60,6 +76,7 @@ Version of the condition. Currently accepted value is "2.0". ### Parameter: `delegatedManagedIdentityResourceId` ID of the delegated managed identity resource. + - Required: No - Type: string - Default: `''` @@ -67,6 +84,7 @@ ID of the delegated managed identity resource. ### Parameter: `description` The description of the role assignment. + - Required: No - Type: string - Default: `''` @@ -74,19 +92,15 @@ The description of the role assignment. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `principalId` - -The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). -- Required: Yes -- Type: string - ### Parameter: `principalType` The principal type of the assigned principal ID. + - Required: No - Type: string - Default: `''` @@ -105,19 +119,15 @@ The principal type of the assigned principal ID. ### Parameter: `resourceGroupName` Name of the Resource Group to assign the RBAC role to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[resourceGroup().name]` -### Parameter: `roleDefinitionIdOrName` - -You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: Yes -- Type: string - ### Parameter: `subscriptionId` Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[subscription().subscriptionId]` diff --git a/modules/authorization/role-assignment/subscription/README.md b/modules/authorization/role-assignment/subscription/README.md index 04b004fd39..7f0b4ada16 100644 --- a/modules/authorization/role-assignment/subscription/README.md +++ b/modules/authorization/role-assignment/subscription/README.md @@ -37,9 +37,24 @@ This module deploys a Role Assignment at a Subscription scope. | [`principalType`](#parameter-principaltype) | string | The principal type of the assigned principal ID. | | [`subscriptionId`](#parameter-subscriptionid) | string | Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. | +### Parameter: `principalId` + +The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). + +- Required: Yes +- Type: string + +### Parameter: `roleDefinitionIdOrName` + +You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + ### Parameter: `condition` The conditions on the role assignment. This limits the resources it can be assigned to. + - Required: No - Type: string - Default: `''` @@ -47,6 +62,7 @@ The conditions on the role assignment. This limits the resources it can be assig ### Parameter: `conditionVersion` Version of the condition. Currently accepted value is "2.0". + - Required: No - Type: string - Default: `'2.0'` @@ -60,6 +76,7 @@ Version of the condition. Currently accepted value is "2.0". ### Parameter: `delegatedManagedIdentityResourceId` ID of the delegated managed identity resource. + - Required: No - Type: string - Default: `''` @@ -67,6 +84,7 @@ ID of the delegated managed identity resource. ### Parameter: `description` The description of the role assignment. + - Required: No - Type: string - Default: `''` @@ -74,6 +92,7 @@ The description of the role assignment. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -81,19 +100,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` -### Parameter: `principalId` - -The Principal or Object ID of the Security Principal (User, Group, Service Principal, Managed Identity). -- Required: Yes -- Type: string - ### Parameter: `principalType` The principal type of the assigned principal ID. + - Required: No - Type: string - Default: `''` @@ -109,15 +124,10 @@ The principal type of the assigned principal ID. ] ``` -### Parameter: `roleDefinitionIdOrName` - -You can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: Yes -- Type: string - ### Parameter: `subscriptionId` Subscription ID of the subscription to assign the RBAC role to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[subscription().subscriptionId]` diff --git a/modules/authorization/role-definition/README.md b/modules/authorization/role-definition/README.md index 0008ff66c4..626454d49c 100644 --- a/modules/authorization/role-definition/README.md +++ b/modules/authorization/role-definition/README.md @@ -495,9 +495,17 @@ module roleDefinition 'br:bicep/modules/authorization.role-definition:1.0.0' = { | [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. | | [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. | +### Parameter: `roleName` + +Name of the custom RBAC role to be created. + +- Required: Yes +- Type: string + ### Parameter: `actions` List of allowed actions. + - Required: No - Type: array - Default: `[]` @@ -505,6 +513,7 @@ List of allowed actions. ### Parameter: `assignableScopes` Role definition assignable scopes. If not provided, will use the current scope provided. + - Required: No - Type: array - Default: `[]` @@ -512,6 +521,7 @@ Role definition assignable scopes. If not provided, will use the current scope p ### Parameter: `dataActions` List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. + - Required: No - Type: array - Default: `[]` @@ -519,6 +529,7 @@ List of allowed data actions. This is not supported if the assignableScopes cont ### Parameter: `description` Description of the custom RBAC role to be created. + - Required: No - Type: string - Default: `''` @@ -526,6 +537,7 @@ Description of the custom RBAC role to be created. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -533,6 +545,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -540,6 +553,7 @@ Location deployment metadata. ### Parameter: `managementGroupId` The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -547,6 +561,7 @@ The group ID of the Management Group where the Role Definition and Target Scope ### Parameter: `notActions` List of denied actions. + - Required: No - Type: array - Default: `[]` @@ -554,6 +569,7 @@ List of denied actions. ### Parameter: `notDataActions` List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. + - Required: No - Type: array - Default: `[]` @@ -561,19 +577,15 @@ List of denied data actions. This is not supported if the assignableScopes conta ### Parameter: `resourceGroupName` The name of the Resource Group where the Role Definition and Target Scope will be applied to. + - Required: No - Type: string - Default: `''` -### Parameter: `roleName` - -Name of the custom RBAC role to be created. -- Required: Yes -- Type: string - ### Parameter: `subscriptionId` The subscription ID where the Role Definition and Target Scope will be applied to. Use for both Subscription level and Resource Group Level. + - Required: No - Type: string - Default: `''` diff --git a/modules/authorization/role-definition/management-group/README.md b/modules/authorization/role-definition/management-group/README.md index e892466ced..0c9b29c7a5 100644 --- a/modules/authorization/role-definition/management-group/README.md +++ b/modules/authorization/role-definition/management-group/README.md @@ -35,9 +35,17 @@ This module deploys a Role Definition at a Management Group scope. | [`managementGroupId`](#parameter-managementgroupid) | string | The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | | [`notActions`](#parameter-notactions) | array | List of denied actions. | +### Parameter: `roleName` + +Name of the custom RBAC role to be created. + +- Required: Yes +- Type: string + ### Parameter: `actions` List of allowed actions. + - Required: No - Type: array - Default: `[]` @@ -45,6 +53,7 @@ List of allowed actions. ### Parameter: `assignableScopes` Role definition assignable scopes. If not provided, will use the current scope provided. + - Required: No - Type: array - Default: `[]` @@ -52,6 +61,7 @@ Role definition assignable scopes. If not provided, will use the current scope p ### Parameter: `description` Description of the custom RBAC role to be created. + - Required: No - Type: string - Default: `''` @@ -59,6 +69,7 @@ Description of the custom RBAC role to be created. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -66,6 +77,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -73,6 +85,7 @@ Location deployment metadata. ### Parameter: `managementGroupId` The group ID of the Management Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` @@ -80,16 +93,11 @@ The group ID of the Management Group where the Role Definition and Target Scope ### Parameter: `notActions` List of denied actions. + - Required: No - Type: array - Default: `[]` -### Parameter: `roleName` - -Name of the custom RBAC role to be created. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/authorization/role-definition/resource-group/README.md b/modules/authorization/role-definition/resource-group/README.md index 1e5da9a0d7..f8a299f434 100644 --- a/modules/authorization/role-definition/resource-group/README.md +++ b/modules/authorization/role-definition/resource-group/README.md @@ -37,9 +37,17 @@ This module deploys a Role Definition at a Resource Group scope. | [`resourceGroupName`](#parameter-resourcegroupname) | string | The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | | [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +### Parameter: `roleName` + +Name of the custom RBAC role to be created. + +- Required: Yes +- Type: string + ### Parameter: `actions` List of allowed actions. + - Required: No - Type: array - Default: `[]` @@ -47,6 +55,7 @@ List of allowed actions. ### Parameter: `assignableScopes` Role definition assignable scopes. If not provided, will use the current scope provided. + - Required: No - Type: array - Default: `[]` @@ -54,6 +63,7 @@ Role definition assignable scopes. If not provided, will use the current scope p ### Parameter: `dataActions` List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. + - Required: No - Type: array - Default: `[]` @@ -61,6 +71,7 @@ List of allowed data actions. This is not supported if the assignableScopes cont ### Parameter: `description` Description of the custom RBAC role to be created. + - Required: No - Type: string - Default: `''` @@ -68,6 +79,7 @@ Description of the custom RBAC role to be created. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -75,6 +87,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `notActions` List of denied actions. + - Required: No - Type: array - Default: `[]` @@ -82,6 +95,7 @@ List of denied actions. ### Parameter: `notDataActions` List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. + - Required: No - Type: array - Default: `[]` @@ -89,19 +103,15 @@ List of denied data actions. This is not supported if the assignableScopes conta ### Parameter: `resourceGroupName` The name of the Resource Group where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[resourceGroup().name]` -### Parameter: `roleName` - -Name of the custom RBAC role to be created. -- Required: Yes -- Type: string - ### Parameter: `subscriptionId` The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[subscription().subscriptionId]` diff --git a/modules/authorization/role-definition/subscription/README.md b/modules/authorization/role-definition/subscription/README.md index e0f96a3894..5737fd2aff 100644 --- a/modules/authorization/role-definition/subscription/README.md +++ b/modules/authorization/role-definition/subscription/README.md @@ -37,9 +37,17 @@ This module deploys a Role Definition at a Subscription scope. | [`notDataActions`](#parameter-notdataactions) | array | List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. | | [`subscriptionId`](#parameter-subscriptionid) | string | The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. | +### Parameter: `roleName` + +Name of the custom RBAC role to be created. + +- Required: Yes +- Type: string + ### Parameter: `actions` List of allowed actions. + - Required: No - Type: array - Default: `[]` @@ -47,6 +55,7 @@ List of allowed actions. ### Parameter: `assignableScopes` Role definition assignable scopes. If not provided, will use the current scope provided. + - Required: No - Type: array - Default: `[]` @@ -54,6 +63,7 @@ Role definition assignable scopes. If not provided, will use the current scope p ### Parameter: `dataActions` List of allowed data actions. This is not supported if the assignableScopes contains Management Group Scopes. + - Required: No - Type: array - Default: `[]` @@ -61,6 +71,7 @@ List of allowed data actions. This is not supported if the assignableScopes cont ### Parameter: `description` Description of the custom RBAC role to be created. + - Required: No - Type: string - Default: `''` @@ -68,6 +79,7 @@ Description of the custom RBAC role to be created. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -75,6 +87,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -82,6 +95,7 @@ Location deployment metadata. ### Parameter: `notActions` List of denied actions. + - Required: No - Type: array - Default: `[]` @@ -89,19 +103,15 @@ List of denied actions. ### Parameter: `notDataActions` List of denied data actions. This is not supported if the assignableScopes contains Management Group Scopes. + - Required: No - Type: array - Default: `[]` -### Parameter: `roleName` - -Name of the custom RBAC role to be created. -- Required: Yes -- Type: string - ### Parameter: `subscriptionId` The subscription ID where the Role Definition and Target Scope will be applied to. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[subscription().subscriptionId]` diff --git a/modules/automation/automation-account/README.md b/modules/automation/automation-account/README.md index fb894b62e8..c4be8ef65e 100644 --- a/modules/automation/automation-account/README.md +++ b/modules/automation/automation-account/README.md @@ -1109,44 +1109,58 @@ module automationAccount 'br:bicep/modules/automation.automation-account:1.0.0' | [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | | [`variables`](#parameter-variables) | array | List of variables to be created in the automation account. | +### Parameter: `name` + +Name of the Automation Account. + +- Required: Yes +- Type: string + ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -1154,114 +1168,90 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1269,6 +1259,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAuth` Disable local authentication profile used within the resource. + - Required: No - Type: bool - Default: `True` @@ -1276,6 +1267,7 @@ Disable local authentication profile used within the resource. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1283,6 +1275,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `gallerySolutions` List of gallerySolutions to be created in the linked log analytics workspace. + - Required: No - Type: array - Default: `[]` @@ -1290,6 +1283,7 @@ List of gallerySolutions to be created in the linked log analytics workspace. ### Parameter: `jobSchedules` List of jobSchedules to be created in the automation account. + - Required: No - Type: array - Default: `[]` @@ -1297,6 +1291,7 @@ List of jobSchedules to be created in the automation account. ### Parameter: `linkedWorkspaceResourceId` ID of the log analytics workspace to be linked to the deployed automation account. + - Required: No - Type: string - Default: `''` @@ -1304,6 +1299,7 @@ ID of the log analytics workspace to be linked to the deployed automation accoun ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1311,26 +1307,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1338,25 +1343,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1364,210 +1371,255 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `modules` List of modules to be created in the automation account. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -Name of the Automation Account. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | Yes | string | Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Application security groups in which the private endpoint IP configuration is included. +### Parameter: `privateEndpoints.service` -- Required: No -- Type: array +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -### Parameter: `privateEndpoints.customDnsConfigs` +- Required: Yes +- Type: string -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -- Required: No +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +Version of the condition. - Required: No -- Type: array +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. Array of role assignments to create. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.description` -Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Required. Resource ID of the subnet where the endpoint needs to be created. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1575,6 +1627,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1590,74 +1643,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `runbooks` List of runbooks to be created in the automation account. + - Required: No - Type: array - Default: `[]` @@ -1665,6 +1740,7 @@ List of runbooks to be created in the automation account. ### Parameter: `schedules` List of schedules to be created in the automation account. + - Required: No - Type: array - Default: `[]` @@ -1672,6 +1748,7 @@ List of schedules to be created in the automation account. ### Parameter: `skuName` SKU name of the account. + - Required: No - Type: string - Default: `'Basic'` @@ -1686,6 +1763,7 @@ SKU name of the account. ### Parameter: `softwareUpdateConfigurations` List of softwareUpdateConfigurations to be created in the automation account. + - Required: No - Type: array - Default: `[]` @@ -1693,12 +1771,14 @@ List of softwareUpdateConfigurations to be created in the automation account. ### Parameter: `tags` Tags of the Automation Account resource. + - Required: No - Type: object ### Parameter: `variables` List of variables to be created in the automation account. + - Required: No - Type: array - Default: `[]` diff --git a/modules/automation/automation-account/job-schedule/README.md b/modules/automation/automation-account/job-schedule/README.md index 1faf4e3c61..05dd4ccf1e 100644 --- a/modules/automation/automation-account/job-schedule/README.md +++ b/modules/automation/automation-account/job-schedule/README.md @@ -44,51 +44,58 @@ This module deploys an Azure Automation Account Job Schedule. | :-- | :-- | :-- | | [`name`](#parameter-name) | string | Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. | +### Parameter: `runbookName` + +The runbook property associated with the entity. + +- Required: Yes +- Type: string + +### Parameter: `scheduleName` + +The schedule property associated with the entity. + +- Required: Yes +- Type: string + ### Parameter: `automationAccountName` The name of the parent Automation Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. -- Required: No -- Type: string -- Default: `[newGuid()]` - ### Parameter: `parameters` List of job properties. + - Required: No - Type: object - Default: `{}` -### Parameter: `runbookName` - -The runbook property associated with the entity. -- Required: Yes -- Type: string - ### Parameter: `runOn` The hybrid worker group that the scheduled job should run on. + - Required: No - Type: string - Default: `''` -### Parameter: `scheduleName` +### Parameter: `name` -The schedule property associated with the entity. -- Required: Yes +Name of the Automation Account job schedule. Must be a GUID and is autogenerated. No need to provide this value. + +- Required: No - Type: string +- Default: `[newGuid()]` ## Outputs diff --git a/modules/automation/automation-account/module/README.md b/modules/automation/automation-account/module/README.md index 71d279aaf2..558c759726 100644 --- a/modules/automation/automation-account/module/README.md +++ b/modules/automation/automation-account/module/README.md @@ -39,15 +39,31 @@ This module deploys an Azure Automation Account Module. | [`tags`](#parameter-tags) | object | Tags of the Automation Account resource. | | [`version`](#parameter-version) | string | Module version or specify latest to get the latest version. | +### Parameter: `name` + +Name of the Automation Account module. + +- Required: Yes +- Type: string + +### Parameter: `uri` + +Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. + +- Required: Yes +- Type: string + ### Parameter: `automationAccountName` The name of the parent Automation Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -55,31 +71,22 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the Automation Account module. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the Automation Account resource. + - Required: No - Type: object -### Parameter: `uri` - -Module package URI, e.g. https://www.powershellgallery.com/api/v2/package. -- Required: Yes -- Type: string - ### Parameter: `version` Module version or specify latest to get the latest version. + - Required: No - Type: string - Default: `'latest'` diff --git a/modules/automation/automation-account/runbook/README.md b/modules/automation/automation-account/runbook/README.md index e3b163f55f..6baba0a6a7 100644 --- a/modules/automation/automation-account/runbook/README.md +++ b/modules/automation/automation-account/runbook/README.md @@ -49,22 +49,41 @@ This module deploys an Azure Automation Account Runbook. | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | -### Parameter: `automationAccountName` +### Parameter: `name` + +Name of the Automation Account runbook. -The name of the parent Automation Account. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `baseTime` +### Parameter: `type` -Time used as a basis for e.g. the schedule start date. -- Required: No +The type of the runbook. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Graph' + 'GraphPowerShell' + 'GraphPowerShellWorkflow' + 'PowerShell' + 'PowerShellWorkflow' + ] + ``` + +### Parameter: `automationAccountName` + +The name of the parent Automation Account. Required if the template is used in a standalone deployment. + +- Required: Yes - Type: string -- Default: `[utcNow('u')]` ### Parameter: `description` The description of the runbook. + - Required: No - Type: string - Default: `''` @@ -72,6 +91,7 @@ The description of the runbook. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -79,19 +99,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the Automation Account runbook. -- Required: Yes -- Type: string - ### Parameter: `sasTokenValidityLength` SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. + - Required: No - Type: string - Default: `'PT8H'` @@ -99,34 +115,21 @@ SAS token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for ### Parameter: `scriptStorageAccountResourceId` Resource Id of the runbook storage account. + - Required: No - Type: string ### Parameter: `tags` Tags of the Automation Account resource. + - Required: No - Type: object -### Parameter: `type` - -The type of the runbook. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Graph' - 'GraphPowerShell' - 'GraphPowerShellWorkflow' - 'PowerShell' - 'PowerShellWorkflow' - ] - ``` - ### Parameter: `uri` The uri of the runbook content. + - Required: No - Type: string - Default: `''` @@ -134,10 +137,19 @@ The uri of the runbook content. ### Parameter: `version` The version of the runbook content. + - Required: No - Type: string - Default: `''` +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. + +- Required: No +- Type: string +- Default: `[utcNow('u')]` + ## Outputs diff --git a/modules/automation/automation-account/schedule/README.md b/modules/automation/automation-account/schedule/README.md index b4f572ed41..c322245c12 100644 --- a/modules/automation/automation-account/schedule/README.md +++ b/modules/automation/automation-account/schedule/README.md @@ -48,29 +48,32 @@ This module deploys an Azure Automation Account Schedule. | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Time used as a basis for e.g. the schedule start date. | -### Parameter: `advancedSchedule` +### Parameter: `name` -The properties of the create Advanced Schedule. -- Required: No -- Type: object -- Default: `{}` +Name of the Automation Account schedule. + +- Required: Yes +- Type: string ### Parameter: `automationAccountName` The name of the parent Automation Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `baseTime` +### Parameter: `advancedSchedule` + +The properties of the create Advanced Schedule. -Time used as a basis for e.g. the schedule start date. - Required: No -- Type: string -- Default: `[utcNow('u')]` +- Type: object +- Default: `{}` ### Parameter: `description` The description of the schedule. + - Required: No - Type: string - Default: `''` @@ -78,6 +81,7 @@ The description of the schedule. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -85,6 +89,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `expiryTime` The end time of the schedule. + - Required: No - Type: string - Default: `''` @@ -92,6 +97,7 @@ The end time of the schedule. ### Parameter: `frequency` The frequency of the schedule. + - Required: No - Type: string - Default: `'OneTime'` @@ -110,19 +116,15 @@ The frequency of the schedule. ### Parameter: `interval` Anything. + - Required: No - Type: int - Default: `0` -### Parameter: `name` - -Name of the Automation Account schedule. -- Required: Yes -- Type: string - ### Parameter: `startTime` The start time of the schedule. + - Required: No - Type: string - Default: `''` @@ -130,10 +132,19 @@ The start time of the schedule. ### Parameter: `timeZone` The time zone of the schedule. + - Required: No - Type: string - Default: `''` +### Parameter: `baseTime` + +Time used as a basis for e.g. the schedule start date. + +- Required: No +- Type: string +- Default: `[utcNow('u')]` + ## Outputs diff --git a/modules/automation/automation-account/software-update-configuration/README.md b/modules/automation/automation-account/software-update-configuration/README.md index 0090d203d5..da37b18b6e 100644 --- a/modules/automation/automation-account/software-update-configuration/README.md +++ b/modules/automation/automation-account/software-update-configuration/README.md @@ -72,29 +72,79 @@ This module deploys an Azure Automation Account Software Update Configuration. | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. | +### Parameter: `frequency` + +The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Day' + 'Hour' + 'Month' + 'OneTime' + 'Week' + ] + ``` + +### Parameter: `name` + +The name of the Deployment schedule. + +- Required: Yes +- Type: string + +### Parameter: `operatingSystem` + +The operating system to be configured by the deployment schedule. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `rebootSetting` + +Reboot setting for the deployment schedule. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Always' + 'IfRequired' + 'Never' + 'RebootOnly' + ] + ``` + ### Parameter: `automationAccountName` The name of the parent Automation Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `azureVirtualMachines` List of azure resource IDs for azure virtual machines in scope for the deployment schedule. + - Required: No - Type: array - Default: `[]` -### Parameter: `baseTime` - -Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. -- Required: No -- Type: string -- Default: `[utcNow('u')]` - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -102,6 +152,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `excludeUpdates` KB numbers or Linux packages excluded in the deployment schedule. + - Required: No - Type: array - Default: `[]` @@ -109,6 +160,7 @@ KB numbers or Linux packages excluded in the deployment schedule. ### Parameter: `expiryTime` The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. + - Required: No - Type: string - Default: `''` @@ -116,29 +168,15 @@ The end time of the deployment schedule in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, ### Parameter: `expiryTimeOffsetMinutes` The expiry time's offset in minutes. + - Required: No - Type: int - Default: `0` -### Parameter: `frequency` - -The frequency of the deployment schedule. When using 'Hour', 'Day', 'Week' or 'Month', an interval needs to be provided. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Day' - 'Hour' - 'Month' - 'OneTime' - 'Week' - ] - ``` - ### Parameter: `includeUpdates` KB numbers or Linux packages included in the deployment schedule. + - Required: No - Type: array - Default: `[]` @@ -146,6 +184,7 @@ KB numbers or Linux packages included in the deployment schedule. ### Parameter: `interval` The interval of the frequency for the deployment schedule. 1 Hour is every hour, 2 Day is every second day, etc. + - Required: No - Type: int - Default: `1` @@ -153,6 +192,7 @@ The interval of the frequency for the deployment schedule. 1 Hour is every hour, ### Parameter: `isEnabled` Enables the deployment schedule. + - Required: No - Type: bool - Default: `True` @@ -160,6 +200,7 @@ Enables the deployment schedule. ### Parameter: `maintenanceWindow` Maximum time allowed for the deployment schedule to run. Duration needs to be specified using the format PT[n]H[n]M[n]S as per ISO8601. + - Required: No - Type: string - Default: `'PT2H'` @@ -167,6 +208,7 @@ Maximum time allowed for the deployment schedule to run. Duration needs to be sp ### Parameter: `monthDays` Can be used with frequency 'Month'. Provides the specific days of the month to run the deployment schedule. + - Required: No - Type: array - Default: `[]` @@ -210,19 +252,15 @@ Can be used with frequency 'Month'. Provides the specific days of the month to r ### Parameter: `monthlyOccurrences` Can be used with frequency 'Month'. Provides the pattern/cadence for running the deployment schedule in a month. Takes objects formed like this {occurance(int),day(string)}. Day is the name of the day to run the deployment schedule, the occurance specifies which occurance of that day to run the deployment schedule. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The name of the Deployment schedule. -- Required: Yes -- Type: string - ### Parameter: `nextRun` The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. + - Required: No - Type: string - Default: `''` @@ -230,6 +268,7 @@ The next time the deployment schedule runs in ISO 8601 format. YYYY-MM-DDTHH:MM: ### Parameter: `nextRunOffsetMinutes` The next run's offset in minutes. + - Required: No - Type: int - Default: `0` @@ -237,6 +276,7 @@ The next run's offset in minutes. ### Parameter: `nonAzureComputerNames` List of names of non-azure machines in scope for the deployment schedule. + - Required: No - Type: array - Default: `[]` @@ -244,26 +284,15 @@ List of names of non-azure machines in scope for the deployment schedule. ### Parameter: `nonAzureQueries` Array of functions from a Log Analytics workspace, used to scope the deployment schedule. + - Required: No - Type: array - Default: `[]` -### Parameter: `operatingSystem` - -The operating system to be configured by the deployment schedule. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Linux' - 'Windows' - ] - ``` - ### Parameter: `postTaskParameters` Parameters provided to the task running after the deployment schedule. + - Required: No - Type: object - Default: `{}` @@ -271,6 +300,7 @@ Parameters provided to the task running after the deployment schedule. ### Parameter: `postTaskSource` The source of the task running after the deployment schedule. + - Required: No - Type: string - Default: `''` @@ -278,6 +308,7 @@ The source of the task running after the deployment schedule. ### Parameter: `preTaskParameters` Parameters provided to the task running before the deployment schedule. + - Required: No - Type: object - Default: `{}` @@ -285,28 +316,15 @@ Parameters provided to the task running before the deployment schedule. ### Parameter: `preTaskSource` The source of the task running before the deployment schedule. + - Required: No - Type: string - Default: `''` -### Parameter: `rebootSetting` - -Reboot setting for the deployment schedule. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Always' - 'IfRequired' - 'Never' - 'RebootOnly' - ] - ``` - ### Parameter: `scheduleDescription` The schedules description. + - Required: No - Type: string - Default: `''` @@ -314,6 +332,7 @@ The schedules description. ### Parameter: `scopeByLocations` Specify locations to which to scope the deployment schedule to. + - Required: No - Type: array - Default: `[]` @@ -321,6 +340,7 @@ Specify locations to which to scope the deployment schedule to. ### Parameter: `scopeByResources` Specify the resources to scope the deployment schedule to. + - Required: No - Type: array - Default: @@ -333,6 +353,7 @@ Specify the resources to scope the deployment schedule to. ### Parameter: `scopeByTags` Specify tags to which to scope the deployment schedule to. + - Required: No - Type: object - Default: `{}` @@ -340,6 +361,7 @@ Specify tags to which to scope the deployment schedule to. ### Parameter: `scopeByTagsOperation` Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B). + - Required: No - Type: string - Default: `'All'` @@ -354,6 +376,7 @@ Enables the scopeByTags to require All (Tag A and Tag B) or Any (Tag A or Tag B) ### Parameter: `startTime` The start time of the deployment schedule in ISO 8601 format. To specify a specific time use YYYY-MM-DDTHH:MM:SS, 2021-12-31T23:00:00. For schedules where we want to start the deployment as soon as possible, specify the time segment only in 24 hour format, HH:MM, 22:00. + - Required: No - Type: string - Default: `''` @@ -361,6 +384,7 @@ The start time of the deployment schedule in ISO 8601 format. To specify a speci ### Parameter: `timeZone` Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. + - Required: No - Type: string - Default: `'UTC'` @@ -368,6 +392,7 @@ Time zone for the deployment schedule. IANA ID or a Windows Time Zone ID. ### Parameter: `updateClassifications` Update classification included in the deployment schedule. + - Required: No - Type: array - Default: @@ -395,6 +420,7 @@ Update classification included in the deployment schedule. ### Parameter: `weekDays` Required when used with frequency 'Week'. Specified the day of the week to run the deployment schedule. + - Required: No - Type: array - Default: `[]` @@ -411,6 +437,14 @@ Required when used with frequency 'Week'. Specified the day of the week to run t ] ``` +### Parameter: `baseTime` + +Do not touch. Is used to provide the base time for time comparison for startTime. If startTime is specified in HH:MM format, baseTime is used to check if the provided startTime has passed, adding one day before setting the deployment schedule. + +- Required: No +- Type: string +- Default: `[utcNow('u')]` + ## Outputs diff --git a/modules/automation/automation-account/variable/README.md b/modules/automation/automation-account/variable/README.md index 99ec5a4985..f6b15abae7 100644 --- a/modules/automation/automation-account/variable/README.md +++ b/modules/automation/automation-account/variable/README.md @@ -39,15 +39,31 @@ This module deploys an Azure Automation Account Variable. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`isEncrypted`](#parameter-isencrypted) | bool | If the variable should be encrypted. For security reasons encryption of variables should be enabled. | +### Parameter: `name` + +The name of the variable. + +- Required: Yes +- Type: string + +### Parameter: `value` + +The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. + +- Required: Yes +- Type: securestring + ### Parameter: `automationAccountName` The name of the parent Automation Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `description` The description of the variable. + - Required: No - Type: string - Default: `''` @@ -55,6 +71,7 @@ The description of the variable. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -62,22 +79,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `isEncrypted` If the variable should be encrypted. For security reasons encryption of variables should be enabled. + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the variable. -- Required: Yes -- Type: string - -### Parameter: `value` - -The value of the variable. For security best practices, this value is always passed as a secure string as it could contain an encrypted value when the "isEncrypted" property is set to true. -- Required: Yes -- Type: securestring - ## Outputs diff --git a/modules/batch/batch-account/README.md b/modules/batch/batch-account/README.md index 74b8f009b7..74a78f3d57 100644 --- a/modules/batch/batch-account/README.md +++ b/modules/batch/batch-account/README.md @@ -614,9 +614,40 @@ module batchAccount 'br:bicep/modules/batch.batch-account:1.0.0' = { | [`storageAuthenticationMode`](#parameter-storageauthenticationmode) | string | The authentication mode which the Batch service will use to manage the auto-storage account. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Azure Batch. + +- Required: Yes +- Type: string + +### Parameter: `storageAccountId` + +The resource ID of the storage account to be used for auto-storage account. + +- Required: Yes +- Type: string + +### Parameter: `cMKKeyVaultResourceId` + +The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `keyVaultReferenceResourceId` + +The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `allowedAuthenticationModes` List of allowed authentication modes for the Batch account that can be used to authenticate with the data plane. + - Required: No - Type: array - Default: `[]` @@ -632,13 +663,7 @@ List of allowed authentication modes for the Batch account that can be used to a ### Parameter: `cMKKeyName` The name of the customer managed key to use for encryption. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `cMKKeyVaultResourceId` -The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. - Required: No - Type: string - Default: `''` @@ -646,6 +671,7 @@ The resource ID of a key vault to reference a customer managed key for encryptio ### Parameter: `cMKKeyVersion` The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. + - Required: No - Type: string - Default: `''` @@ -653,114 +679,90 @@ The version of the customer managed key to reference for encryption. If not prov ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -768,20 +770,15 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `keyVaultReferenceResourceId` - -The key vault to associate with the Batch account. Required if the 'poolAllocationMode' is set to 'UserSubscription' and requires the service principal 'Microsoft Azure Batch' to be granted contributor permissions on this key vault. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -789,26 +786,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -816,38 +822,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the Azure Batch. -- Required: Yes -- Type: string - ### Parameter: `networkProfileAllowedIpRanges` Array of IP ranges to filter client IP address. It is only applicable when publicNetworkAccess is not explicitly disabled. + - Required: No - Type: array - Default: `[]` @@ -855,6 +858,7 @@ Array of IP ranges to filter client IP address. It is only applicable when publi ### Parameter: `networkProfileDefaultAction` The network profile default action for endpoint access. It is only applicable when publicNetworkAccess is not explicitly disabled. + - Required: No - Type: string - Default: `'Deny'` @@ -869,6 +873,7 @@ The network profile default action for endpoint access. It is only applicable wh ### Parameter: `poolAllocationMode` The allocation mode for creating pools in the Batch account. Determines which quota will be used. + - Required: No - Type: string - Default: `'BatchService'` @@ -883,197 +888,247 @@ The allocation mode for creating pools in the Batch account. Determines which qu ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -Optional. Application security groups in which the private endpoint IP configuration is included. +**Optional parameters** -- Required: No -- Type: array +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -### Parameter: `privateEndpoints.customDnsConfigs` +### Parameter: `privateEndpoints.subnetResourceId` -Optional. Custom DNS configurations. +Resource ID of the subnet where the endpoint needs to be created. -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` + +Manual PrivateLink Service Connections. -Required. A private ip address obtained from the private endpoint's subnet. +- Required: No +- Type: array -- Required: Yes -- Type: string +### Parameter: `privateEndpoints.name` +The name of the private endpoint. +- Required: No +- Type: string -### Parameter: `privateEndpoints.location` +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string -Optional. The name of the private endpoint. +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1081,6 +1136,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkProfileAllowedIpRanges are not set. + - Required: No - Type: string - Default: `''` @@ -1096,87 +1152,104 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `storageAccessIdentity` The resource ID of a user assigned identity assigned to pools which have compute nodes that need access to auto-storage. + - Required: No - Type: string - Default: `''` -### Parameter: `storageAccountId` - -The resource ID of the storage account to be used for auto-storage account. -- Required: Yes -- Type: string - ### Parameter: `storageAuthenticationMode` The authentication mode which the Batch service will use to manage the auto-storage account. + - Required: No - Type: string - Default: `'StorageKeys'` @@ -1191,6 +1264,7 @@ The authentication mode which the Batch service will use to manage the auto-stor ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/cache/redis-enterprise/README.md b/modules/cache/redis-enterprise/README.md index e818d8120c..c39d1698a8 100644 --- a/modules/cache/redis-enterprise/README.md +++ b/modules/cache/redis-enterprise/README.md @@ -622,9 +622,17 @@ module redisEnterprise 'br:bicep/modules/cache.redis-enterprise:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, the cluster will be deployed across availability zones. | +### Parameter: `name` + +The name of the Redis Cache Enterprise resource. + +- Required: Yes +- Type: string + ### Parameter: `capacity` The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, 6, ...) for Enterprise SKUs and (3, 9, 15, ...) for Flash SKUs. + - Required: No - Type: int - Default: `2` @@ -632,6 +640,7 @@ The size of the Redis Enterprise Cluster. Defaults to 2. Valid values are (2, 4, ### Parameter: `databases` The databases to create in the Redis Cache Enterprise Cluster. + - Required: No - Type: array - Default: `[]` @@ -639,86 +648,82 @@ The databases to create in the Redis Cache Enterprise Cluster. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -726,6 +731,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -733,6 +739,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The geo-location where the resource lives. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -740,26 +747,35 @@ The geo-location where the resource lives. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -767,6 +783,7 @@ Optional. Specify the name of lock. ### Parameter: `minimumTlsVersion` Requires clients to use a specified TLS version (or higher) to connect. + - Required: No - Type: string - Default: `'1.2'` @@ -779,206 +796,250 @@ Requires clients to use a specified TLS version (or higher) to connect. ] ``` -### Parameter: `name` - -The name of the Redis Cache Enterprise resource. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string -Optional. The name of the private endpoint. +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -986,74 +1047,96 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` The type of Redis Enterprise Cluster to deploy. + - Required: No - Type: string - Default: `'Enterprise_E10'` @@ -1073,12 +1156,14 @@ The type of Redis Enterprise Cluster to deploy. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zoneRedundant` When true, the cluster will be deployed across availability zones. + - Required: No - Type: bool - Default: `True` diff --git a/modules/cache/redis-enterprise/database/README.md b/modules/cache/redis-enterprise/database/README.md index 6e8576ffaf..31f20ebd4b 100644 --- a/modules/cache/redis-enterprise/database/README.md +++ b/modules/cache/redis-enterprise/database/README.md @@ -41,9 +41,50 @@ This module deploys a Redis Cache Enterprise Database. | [`persistenceRdbEnabled`](#parameter-persistencerdbenabled) | bool | Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. | | [`port`](#parameter-port) | int | TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. | +### Parameter: `persistenceAofFrequency` + +Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. + +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + '1s' + 'always' + ] + ``` + +### Parameter: `persistenceRdbFrequency` + +Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. + +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + '12h' + '1h' + '6h' + ] + ``` + +### Parameter: `redisCacheEnterpriseName` + +The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `clientProtocol` Specifies whether redis clients can connect using TLS-encrypted or plaintext redis protocols. Default is TLS-encrypted. + - Required: No - Type: string - Default: `'Encrypted'` @@ -58,6 +99,7 @@ Specifies whether redis clients can connect using TLS-encrypted or plaintext red ### Parameter: `clusteringPolicy` Specifies the clustering policy to enable at creation time of the Redis Cache Enterprise Cluster. + - Required: No - Type: string - Default: `'OSSCluster'` @@ -72,6 +114,7 @@ Specifies the clustering policy to enable at creation time of the Redis Cache En ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -79,6 +122,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `evictionPolicy` Redis eviction policy - default is VolatileLRU. + - Required: No - Type: string - Default: `'VolatileLRU'` @@ -99,6 +143,7 @@ Redis eviction policy - default is VolatileLRU. ### Parameter: `geoReplication` Optional set of properties to configure geo replication for this database. Geo replication prerequisites must be met. See "https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-how-to-active-geo-replication#active-geo-replication-prerequisites" for more information. + - Required: No - Type: object - Default: `{}` @@ -106,6 +151,7 @@ Optional set of properties to configure geo replication for this database. Geo r ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -113,6 +159,7 @@ Location for all resources. ### Parameter: `modules` Optional set of redis modules to enable in this database - modules can only be added at creation time. + - Required: No - Type: array - Default: `[]` @@ -120,61 +167,27 @@ Optional set of redis modules to enable in this database - modules can only be a ### Parameter: `persistenceAofEnabled` Sets whether AOF is enabled. Required if setting AOF frequency. AOF and RDB persistence cannot be enabled at the same time. + - Required: No - Type: bool - Default: `False` -### Parameter: `persistenceAofFrequency` - -Sets the frequency at which data is written to disk. Required if AOF persistence is enabled. -- Required: No -- Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - '1s' - 'always' - ] - ``` - ### Parameter: `persistenceRdbEnabled` Sets whether RDB is enabled. RDB and AOF persistence cannot be enabled at the same time. + - Required: No - Type: bool - Default: `False` -### Parameter: `persistenceRdbFrequency` - -Sets the frequency at which a snapshot of the database is created. Required if RDB persistence is enabled. -- Required: No -- Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - '12h' - '1h' - '6h' - ] - ``` - ### Parameter: `port` TCP port of the database endpoint. Specified at create time. Default is (-1) meaning value is not set and defaults to an available port. Current supported port is 10000. + - Required: No - Type: int - Default: `-1` -### Parameter: `redisCacheEnterpriseName` - -The name of the parent Redis Cache Enterprise Cluster. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/cache/redis/README.md b/modules/cache/redis/README.md index 33f02d5c1f..5f026c7c76 100644 --- a/modules/cache/redis/README.md +++ b/modules/cache/redis/README.md @@ -483,9 +483,17 @@ module redis 'br:bicep/modules/cache.redis:1.0.0' = { | [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, replicas will be provisioned in availability zones specified in the zones parameter. | | [`zones`](#parameter-zones) | array | If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. | +### Parameter: `name` + +The name of the Redis cache resource. + +- Required: Yes +- Type: string + ### Parameter: `capacity` The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) family (0, 1, 2, 3, 4, 5, 6), for P (Premium) family (1, 2, 3, 4). + - Required: No - Type: int - Default: `1` @@ -505,114 +513,90 @@ The size of the Redis cache to deploy. Valid values: for C (Basic/Standard) fami ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -620,6 +604,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -627,6 +612,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableNonSslPort` Specifies whether the non-ssl Redis server port (6379) is enabled. + - Required: No - Type: bool - Default: `False` @@ -634,6 +620,7 @@ Specifies whether the non-ssl Redis server port (6379) is enabled. ### Parameter: `location` The location to deploy the Redis cache service. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -641,26 +628,35 @@ The location to deploy the Redis cache service. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -668,25 +664,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -694,6 +692,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `minimumTlsVersion` Requires clients to use a specified TLS version (or higher) to connect. + - Required: No - Type: string - Default: `'1.2'` @@ -706,206 +705,250 @@ Requires clients to use a specified TLS version (or higher) to connect. ] ``` -### Parameter: `name` - -The name of the Redis cache resource. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Optional. The name of the private endpoint. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -913,6 +956,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -928,6 +972,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `redisConfiguration` All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection-string,rdb-backup-frequency,maxmemory-delta,maxmemory-policy,notify-keyspace-events,maxmemory-samples,slowlog-log-slower-than,slowlog-max-len,list-max-ziplist-entries,list-max-ziplist-value,hash-max-ziplist-entries,hash-max-ziplist-value,set-max-intset-entries,zset-max-ziplist-entries,zset-max-ziplist-value etc. + - Required: No - Type: object - Default: `{}` @@ -935,6 +980,7 @@ All Redis Settings. Few possible keys: rdb-backup-enabled,rdb-storage-connection ### Parameter: `redisVersion` Redis version. Only major version will be used in PUT/PATCH request with current valid values: (4, 6). + - Required: No - Type: string - Default: `'6'` @@ -949,6 +995,7 @@ Redis version. Only major version will be used in PUT/PATCH request with current ### Parameter: `replicasPerMaster` The number of replicas to be created per primary. + - Required: No - Type: int - Default: `1` @@ -956,6 +1003,7 @@ The number of replicas to be created per primary. ### Parameter: `replicasPerPrimary` The number of replicas to be created per primary. + - Required: No - Type: int - Default: `1` @@ -963,74 +1011,96 @@ The number of replicas to be created per primary. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `shardCount` The number of shards to be created on a Premium Cluster Cache. + - Required: No - Type: int - Default: `1` @@ -1038,6 +1108,7 @@ The number of shards to be created on a Premium Cluster Cache. ### Parameter: `skuName` The type of Redis cache to deploy. + - Required: No - Type: string - Default: `'Basic'` @@ -1053,6 +1124,7 @@ The type of Redis cache to deploy. ### Parameter: `staticIP` Static IP address. Optionally, may be specified when deploying a Redis cache inside an existing Azure Virtual Network; auto assigned by default. + - Required: No - Type: string - Default: `''` @@ -1060,6 +1132,7 @@ Static IP address. Optionally, may be specified when deploying a Redis cache ins ### Parameter: `subnetId` The full resource ID of a subnet in a virtual network to deploy the Redis cache in. Example format: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/Microsoft.{Network|ClassicNetwork}/VirtualNetworks/vnet1/subnets/subnet1. + - Required: No - Type: string - Default: `''` @@ -1067,12 +1140,14 @@ The full resource ID of a subnet in a virtual network to deploy the Redis cache ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `tenantSettings` A dictionary of tenant settings. + - Required: No - Type: object - Default: `{}` @@ -1080,6 +1155,7 @@ A dictionary of tenant settings. ### Parameter: `zoneRedundant` When true, replicas will be provisioned in availability zones specified in the zones parameter. + - Required: No - Type: bool - Default: `True` @@ -1087,6 +1163,7 @@ When true, replicas will be provisioned in availability zones specified in the z ### Parameter: `zones` If the zoneRedundant parameter is true, replicas will be provisioned in the availability zones specified here. Otherwise, the service will choose where replicas are deployed. + - Required: No - Type: array - Default: `[]` diff --git a/modules/cdn/profile/README.md b/modules/cdn/profile/README.md index 81efa1a9e1..cb61a8f771 100644 --- a/modules/cdn/profile/README.md +++ b/modules/cdn/profile/README.md @@ -610,9 +610,50 @@ module profile 'br:bicep/modules/cdn.profile:1.0.0' = { | [`secrets`](#parameter-secrets) | array | Array of secret objects. | | [`tags`](#parameter-tags) | object | Endpoint tags. | +### Parameter: `name` + +Name of the CDN profile. + +- Required: Yes +- Type: string + +### Parameter: `sku` + +The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Custom_Verizon' + 'Premium_AzureFrontDoor' + 'Premium_Verizon' + 'Standard_955BandWidth_ChinaCdn' + 'Standard_Akamai' + 'Standard_AvgBandWidth_ChinaCdn' + 'Standard_AzureFrontDoor' + 'Standard_ChinaCdn' + 'Standard_Microsoft' + 'Standard_Verizon' + 'StandardPlus_955BandWidth_ChinaCdn' + 'StandardPlus_AvgBandWidth_ChinaCdn' + 'StandardPlus_ChinaCdn' + ] + ``` + +### Parameter: `origionGroups` + +Array of origin group objects. Required if the afdEndpoints is specified. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `afdEndpoints` Array of AFD endpoint objects. + - Required: No - Type: array - Default: `[]` @@ -620,6 +661,7 @@ Array of AFD endpoint objects. ### Parameter: `customDomains` Array of custom domain objects. + - Required: No - Type: array - Default: `[]` @@ -627,6 +669,7 @@ Array of custom domain objects. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -634,6 +677,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endpointName` Name of the endpoint under the profile which is unique globally. + - Required: No - Type: string - Default: `''` @@ -641,6 +685,7 @@ Name of the endpoint under the profile which is unique globally. ### Parameter: `endpointProperties` Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). + - Required: No - Type: object - Default: `{}` @@ -648,6 +693,7 @@ Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/micro ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -655,121 +701,140 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the CDN profile. -- Required: Yes -- Type: string - ### Parameter: `originResponseTimeoutSeconds` Send and receive timeout on forwarding request to the origin. + - Required: No - Type: int - Default: `60` -### Parameter: `origionGroups` - -Array of origin group objects. Required if the afdEndpoints is specified. -- Required: No -- Type: array -- Default: `[]` - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ruleSets` Array of rule set objects. + - Required: No - Type: array - Default: `[]` @@ -777,37 +842,15 @@ Array of rule set objects. ### Parameter: `secrets` Array of secret objects. + - Required: No - Type: array - Default: `[]` -### Parameter: `sku` - -The pricing tier (defines a CDN provider, feature list and rate) of the CDN profile. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Custom_Verizon' - 'Premium_AzureFrontDoor' - 'Premium_Verizon' - 'Standard_955BandWidth_ChinaCdn' - 'Standard_Akamai' - 'Standard_AvgBandWidth_ChinaCdn' - 'Standard_AzureFrontDoor' - 'Standard_ChinaCdn' - 'Standard_Microsoft' - 'Standard_Verizon' - 'StandardPlus_955BandWidth_ChinaCdn' - 'StandardPlus_AvgBandWidth_ChinaCdn' - 'StandardPlus_ChinaCdn' - ] - ``` - ### Parameter: `tags` Endpoint tags. + - Required: No - Type: object diff --git a/modules/cdn/profile/afdEndpoint/README.md b/modules/cdn/profile/afdEndpoint/README.md index 550b574e0e..d2bd8ba7d6 100644 --- a/modules/cdn/profile/afdEndpoint/README.md +++ b/modules/cdn/profile/afdEndpoint/README.md @@ -41,9 +41,24 @@ This module deploys a CDN Profile AFD Endpoint. | [`routes`](#parameter-routes) | array | The list of routes for this AFD Endpoint. | | [`tags`](#parameter-tags) | object | The tags of the AFD Endpoint. | +### Parameter: `name` + +The name of the AFD Endpoint. + +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the parent CDN profile. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `autoGeneratedDomainNameLabelScope` Indicates the endpoint name reuse scope. The default value is TenantReuse. + - Required: No - Type: string - Default: `'TenantReuse'` @@ -60,6 +75,7 @@ Indicates the endpoint name reuse scope. The default value is TenantReuse. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -67,6 +83,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enabledState` Indicates whether the AFD Endpoint is enabled. The default value is Enabled. + - Required: No - Type: string - Default: `'Enabled'` @@ -81,25 +98,15 @@ Indicates whether the AFD Endpoint is enabled. The default value is Enabled. ### Parameter: `location` The location of the AFD Endpoint. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the AFD Endpoint. -- Required: Yes -- Type: string - -### Parameter: `profileName` - -The name of the parent CDN profile. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `routes` The list of routes for this AFD Endpoint. + - Required: No - Type: array - Default: `[]` @@ -107,6 +114,7 @@ The list of routes for this AFD Endpoint. ### Parameter: `tags` The tags of the AFD Endpoint. + - Required: No - Type: object diff --git a/modules/cdn/profile/afdEndpoint/route/README.md b/modules/cdn/profile/afdEndpoint/route/README.md index ee38e36c07..f00b17c993 100644 --- a/modules/cdn/profile/afdEndpoint/route/README.md +++ b/modules/cdn/profile/afdEndpoint/route/README.md @@ -45,12 +45,36 @@ This module deploys a CDN Profile AFD Endpoint route. ### Parameter: `afdEndpointName` The name of the AFD endpoint. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the route. + +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the origin group. The origin group must be defined in the profile originGroups. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `profileName` + +The name of the parent CDN profile. + - Required: Yes - Type: string ### Parameter: `cacheConfiguration` The caching configuration for this route. To disable caching, do not provide a cacheConfiguration object. + - Required: No - Type: object - Default: `{}` @@ -58,12 +82,14 @@ The caching configuration for this route. To disable caching, do not provide a c ### Parameter: `customDomainName` The name of the custom domain. The custom domain must be defined in the profile customDomains. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -71,6 +97,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enabledState` Whether this route is enabled. + - Required: No - Type: string - Default: `'Enabled'` @@ -85,6 +112,7 @@ Whether this route is enabled. ### Parameter: `forwardingProtocol` The protocol this rule will use when forwarding traffic to backends. + - Required: No - Type: string - Default: `'MatchRequest'` @@ -100,6 +128,7 @@ The protocol this rule will use when forwarding traffic to backends. ### Parameter: `httpsRedirect` Whether to automatically redirect HTTP traffic to HTTPS traffic. + - Required: No - Type: string - Default: `'Enabled'` @@ -114,6 +143,7 @@ Whether to automatically redirect HTTP traffic to HTTPS traffic. ### Parameter: `linkToDefaultDomain` Whether this route will be linked to the default endpoint domain. + - Required: No - Type: string - Default: `'Enabled'` @@ -125,22 +155,10 @@ Whether this route will be linked to the default endpoint domain. ] ``` -### Parameter: `name` - -The name of the route. -- Required: Yes -- Type: string - -### Parameter: `originGroupName` - -The name of the origin group. The origin group must be defined in the profile originGroups. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `originPath` A directory path on the origin that AzureFrontDoor can use to retrieve content from, e.g. contoso.cloudapp.net/originpath. + - Required: No - Type: string - Default: `''` @@ -148,19 +166,15 @@ A directory path on the origin that AzureFrontDoor can use to retrieve content f ### Parameter: `patternsToMatch` The route patterns of the rule. + - Required: No - Type: array - Default: `[]` -### Parameter: `profileName` - -The name of the parent CDN profile. -- Required: Yes -- Type: string - ### Parameter: `ruleSets` The rule sets of the rule. The rule sets must be defined in the profile ruleSets. + - Required: No - Type: array - Default: `[]` @@ -168,6 +182,7 @@ The rule sets of the rule. The rule sets must be defined in the profile ruleSets ### Parameter: `supportedProtocols` The supported protocols of the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/cdn/profile/customdomain/README.md b/modules/cdn/profile/customdomain/README.md index 7ce7762573..33c0144835 100644 --- a/modules/cdn/profile/customdomain/README.md +++ b/modules/cdn/profile/customdomain/README.md @@ -42,16 +42,10 @@ This module deploys a CDN Profile Custom Domains. | :-- | :-- | :-- | | [`azureDnsZoneResourceId`](#parameter-azurednszoneresourceid) | string | Resource reference to the Azure DNS zone. | -### Parameter: `azureDnsZoneResourceId` - -Resource reference to the Azure DNS zone. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `certificateType` The type of the certificate used for secure delivery. + - Required: Yes - Type: string - Allowed: @@ -62,9 +56,31 @@ The type of the certificate used for secure delivery. ] ``` +### Parameter: `hostName` + +The host name of the domain. Must be a domain name. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the custom domain. + +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the CDN profile. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -72,19 +88,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `extendedProperties` Key-Value pair representing migration properties for domains. + - Required: No - Type: object - Default: `{}` -### Parameter: `hostName` - -The host name of the domain. Must be a domain name. -- Required: Yes -- Type: string - ### Parameter: `minimumTlsVersion` The minimum TLS version required for the custom domain. Default value: TLS12. + - Required: No - Type: string - Default: `'TLS12'` @@ -96,28 +108,26 @@ The minimum TLS version required for the custom domain. Default value: TLS12. ] ``` -### Parameter: `name` - -The name of the custom domain. -- Required: Yes -- Type: string - ### Parameter: `preValidatedCustomDomainResourceId` Resource reference to the Azure resource where custom domain ownership was prevalidated. + - Required: No - Type: string - Default: `''` -### Parameter: `profileName` +### Parameter: `secretName` -The name of the CDN profile. -- Required: Yes +The name of the secret. ie. subs/rg/profile/secret. + +- Required: No - Type: string +- Default: `''` -### Parameter: `secretName` +### Parameter: `azureDnsZoneResourceId` + +Resource reference to the Azure DNS zone. -The name of the secret. ie. subs/rg/profile/secret. - Required: No - Type: string - Default: `''` diff --git a/modules/cdn/profile/endpoint/README.md b/modules/cdn/profile/endpoint/README.md index f1a4da9f0f..2ed256dbe2 100644 --- a/modules/cdn/profile/endpoint/README.md +++ b/modules/cdn/profile/endpoint/README.md @@ -39,41 +39,47 @@ This module deploys a CDN Profile Endpoint. | [`location`](#parameter-location) | string | Resource location. | | [`tags`](#parameter-tags) | object | Endpoint tags. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `name` -### Parameter: `location` +Name of the endpoint under the profile which is unique globally. -Resource location. -- Required: No +- Required: Yes - Type: string -- Default: `[resourceGroup().location]` -### Parameter: `name` +### Parameter: `properties` + +Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). -Name of the endpoint under the profile which is unique globally. - Required: Yes -- Type: string +- Type: object ### Parameter: `profileName` The name of the parent CDN profile. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `properties` +### Parameter: `enableDefaultTelemetry` -Endpoint properties (see https://learn.microsoft.com/en-us/azure/templates/microsoft.cdn/profiles/endpoints?pivots=deployment-language-bicep#endpointproperties for details). -- Required: Yes -- Type: object +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Resource location. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` ### Parameter: `tags` Endpoint tags. + - Required: No - Type: object diff --git a/modules/cdn/profile/endpoint/origin/README.md b/modules/cdn/profile/endpoint/origin/README.md index 706d8a9c4a..f68d78a71a 100644 --- a/modules/cdn/profile/endpoint/origin/README.md +++ b/modules/cdn/profile/endpoint/origin/README.md @@ -46,61 +46,31 @@ This module deploys a CDN Profile Endpoint Origin. | [`privateLinkResourceId`](#parameter-privatelinkresourceid) | string | The private link resource ID of the origin. | | [`profileName`](#parameter-profilename) | string | The name of the CDN profile. Default to "default". | -### Parameter: `enabled` - -Whether the origin is enabled for load balancing. -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `endpointName` The name of the CDN Endpoint. + - Required: Yes - Type: string ### Parameter: `hostName` The hostname of the origin. + - Required: Yes - Type: string -### Parameter: `httpPort` - -The HTTP port of the origin. -- Required: No -- Type: int -- Default: `80` - -### Parameter: `httpsPort` - -The HTTPS port of the origin. -- Required: No -- Type: int -- Default: `443` - ### Parameter: `name` The name of the origin. -- Required: Yes -- Type: string - -### Parameter: `originHostHeader` -The host header value sent to the origin. - Required: Yes - Type: string ### Parameter: `priority` The priority of origin in given origin group for load balancing. Required if `weight` is provided. + - Required: No - Type: int - Default: `-1` @@ -108,35 +78,79 @@ The priority of origin in given origin group for load balancing. Required if `we ### Parameter: `privateLinkAlias` The private link alias of the origin. Required if privateLinkLocation is provided. + - Required: Yes - Type: string ### Parameter: `privateLinkLocation` The private link location of the origin. Required if privateLinkAlias is provided. + +- Required: Yes +- Type: string + +### Parameter: `weight` + +The weight of the origin used for load balancing. Required if `priority` is provided. + +- Required: No +- Type: int +- Default: `-1` + +### Parameter: `enabled` + +Whether the origin is enabled for load balancing. + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `httpPort` + +The HTTP port of the origin. + +- Required: No +- Type: int +- Default: `80` + +### Parameter: `httpsPort` + +The HTTPS port of the origin. + +- Required: No +- Type: int +- Default: `443` + +### Parameter: `originHostHeader` + +The host header value sent to the origin. + - Required: Yes - Type: string ### Parameter: `privateLinkResourceId` The private link resource ID of the origin. + - Required: Yes - Type: string ### Parameter: `profileName` The name of the CDN profile. Default to "default". + - Required: No - Type: string - Default: `'default'` -### Parameter: `weight` - -The weight of the origin used for load balancing. Required if `priority` is provided. -- Required: No -- Type: int -- Default: `-1` - ## Outputs diff --git a/modules/cdn/profile/origingroup/README.md b/modules/cdn/profile/origingroup/README.md index 9bdf5278c6..7b01a13bb7 100644 --- a/modules/cdn/profile/origingroup/README.md +++ b/modules/cdn/profile/origingroup/README.md @@ -36,35 +36,24 @@ This module deploys a CDN Profile Origin Group. | [`sessionAffinityState`](#parameter-sessionaffinitystate) | string | Whether to allow session affinity on this host. | | [`trafficRestorationTimeToHealedOrNewEndpointsInMinutes`](#parameter-trafficrestorationtimetohealedornewendpointsinminutes) | int | Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `healthProbeSettings` - -Health probe settings to the origin that is used to determine the health of the origin. -- Required: No -- Type: object -- Default: `{}` - ### Parameter: `loadBalancingSettings` Load balancing settings for a backend pool. + - Required: Yes - Type: object ### Parameter: `name` The name of the origin group. + - Required: Yes - Type: string ### Parameter: `origins` The list of origins within the origin group. + - Required: No - Type: array - Default: `[]` @@ -72,12 +61,30 @@ The list of origins within the origin group. ### Parameter: `profileName` The name of the CDN profile. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `healthProbeSettings` + +Health probe settings to the origin that is used to determine the health of the origin. + +- Required: No +- Type: object +- Default: `{}` + ### Parameter: `sessionAffinityState` Whether to allow session affinity on this host. + - Required: No - Type: string - Default: `'Disabled'` @@ -92,6 +99,7 @@ Whether to allow session affinity on this host. ### Parameter: `trafficRestorationTimeToHealedOrNewEndpointsInMinutes` Time in minutes to shift the traffic to the endpoint gradually when an unhealthy endpoint comes healthy or a new endpoint is added. Default is 10 mins. + - Required: No - Type: int - Default: `10` diff --git a/modules/cdn/profile/origingroup/origin/README.md b/modules/cdn/profile/origingroup/origin/README.md index b85b8c8edc..50ca9fa71e 100644 --- a/modules/cdn/profile/origingroup/origin/README.md +++ b/modules/cdn/profile/origingroup/origin/README.md @@ -40,9 +40,38 @@ This module deploys a CDN Profile Origin. | [`sharedPrivateLinkResource`](#parameter-sharedprivatelinkresource) | object | The properties of the private link resource for private origin. | | [`weight`](#parameter-weight) | int | Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. | +### Parameter: `hostName` + +The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the origion. + +- Required: Yes +- Type: string + +### Parameter: `originGroupName` + +The name of the group. + +- Required: Yes +- Type: string + +### Parameter: `profileName` + +The name of the CDN profile. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,6 +79,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enabledState` Whether to enable health probes to be made against backends defined under backendPools. Health probes can only be disabled if there is a single enabled backend in single enabled backend pool. + - Required: No - Type: string - Default: `'Enabled'` @@ -64,19 +94,15 @@ Whether to enable health probes to be made against backends defined under backen ### Parameter: `enforceCertificateNameCheck` Whether to enable certificate name check at origin level. + - Required: No - Type: bool - Default: `True` -### Parameter: `hostName` - -The address of the origin. Domain names, IPv4 addresses, and IPv6 addresses are supported.This should be unique across all origins in an endpoint. -- Required: Yes -- Type: string - ### Parameter: `httpPort` The value of the HTTP port. Must be between 1 and 65535. + - Required: No - Type: int - Default: `80` @@ -84,25 +110,15 @@ The value of the HTTP port. Must be between 1 and 65535. ### Parameter: `httpsPort` The value of the HTTPS port. Must be between 1 and 65535. + - Required: No - Type: int - Default: `443` -### Parameter: `name` - -The name of the origion. -- Required: Yes -- Type: string - -### Parameter: `originGroupName` - -The name of the group. -- Required: Yes -- Type: string - ### Parameter: `originHostHeader` The host header value sent to the origin with each request. If you leave this blank, the request hostname determines this value. Azure Front Door origins, such as Web Apps, Blob Storage, and Cloud Services require this host header value to match the origin hostname by default. This overrides the host header defined at Endpoint. + - Required: No - Type: string - Default: `''` @@ -110,19 +126,15 @@ The host header value sent to the origin with each request. If you leave this bl ### Parameter: `priority` Priority of origin in given origin group for load balancing. Higher priorities will not be used for load balancing if any lower priority origin is healthy.Must be between 1 and 5. + - Required: No - Type: int - Default: `1` -### Parameter: `profileName` - -The name of the CDN profile. -- Required: Yes -- Type: string - ### Parameter: `sharedPrivateLinkResource` The properties of the private link resource for private origin. + - Required: No - Type: object - Default: `{}` @@ -130,6 +142,7 @@ The properties of the private link resource for private origin. ### Parameter: `weight` Weight of the origin in given origin group for load balancing. Must be between 1 and 1000. + - Required: No - Type: int - Default: `1000` diff --git a/modules/cdn/profile/ruleset/README.md b/modules/cdn/profile/ruleset/README.md index e7dc4c15de..d42984d60e 100644 --- a/modules/cdn/profile/ruleset/README.md +++ b/modules/cdn/profile/ruleset/README.md @@ -37,28 +37,32 @@ This module deploys a CDN Profile rule set. | :-- | :-- | :-- | | [`rules`](#parameter-rules) | array | The rules to apply to the rule set. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the rule set. + - Required: Yes - Type: string ### Parameter: `profileName` The name of the CDN profile. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rules` The rules to apply to the rule set. + - Required: No - Type: array - Default: `[]` diff --git a/modules/cdn/profile/ruleset/rule/README.md b/modules/cdn/profile/ruleset/rule/README.md index 266206f611..75419429db 100644 --- a/modules/cdn/profile/ruleset/rule/README.md +++ b/modules/cdn/profile/ruleset/rule/README.md @@ -35,30 +35,10 @@ This module deploys a CDN Profile rule. | [`conditions`](#parameter-conditions) | array | A list of conditions that must be matched for the actions to be executed. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `actions` - -A list of actions that are executed when all the conditions of a rule are satisfied. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `conditions` - -A list of conditions that must be matched for the actions to be executed. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `matchProcessingBehavior` If this rule is a match should the rules engine continue running the remaining rules or stop. If not present, defaults to Continue. + - Required: Yes - Type: string - Allowed: @@ -72,27 +52,55 @@ If this rule is a match should the rules engine continue running the remaining r ### Parameter: `name` The name of the rule. + - Required: Yes - Type: string ### Parameter: `order` The order in which this rule will be applied. Rules with a lower order are applied before rules with a higher order. + - Required: Yes - Type: int ### Parameter: `profileName` The name of the profile. + - Required: Yes - Type: string ### Parameter: `ruleSetName` The name of the rule set. + - Required: Yes - Type: string +### Parameter: `actions` + +A list of actions that are executed when all the conditions of a rule are satisfied. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `conditions` + +A list of conditions that must be matched for the actions to be executed. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/cdn/profile/secret/README.md b/modules/cdn/profile/secret/README.md index 2a539a98af..b1b08a4d45 100644 --- a/modules/cdn/profile/secret/README.md +++ b/modules/cdn/profile/secret/README.md @@ -40,35 +40,57 @@ This module deploys a CDN Profile Secret. | [`subjectAlternativeNames`](#parameter-subjectalternativenames) | array | The subject alternative names of the secrect. | | [`useLatestVersion`](#parameter-uselatestversion) | bool | Indicates whether to use the latest version of the secrect. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the secrect. + - Required: Yes - Type: string +### Parameter: `type` + +The type of the secrect. + +- Required: No +- Type: string +- Default: `'AzureFirstPartyManagedCertificate'` +- Allowed: + ```Bicep + [ + 'AzureFirstPartyManagedCertificate' + 'CustomerCertificate' + 'ManagedCertificate' + 'UrlSigningKey' + ] + ``` + ### Parameter: `profileName` The name of the parent CDN profile. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `secretSourceResourceId` The resource ID of the secrect source. Required if the type is CustomerCertificate. + - Required: No - Type: string - Default: `''` +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `secretVersion` The version of the secret. + - Required: No - Type: string - Default: `''` @@ -76,29 +98,15 @@ The version of the secret. ### Parameter: `subjectAlternativeNames` The subject alternative names of the secrect. + - Required: No - Type: array - Default: `[]` -### Parameter: `type` - -The type of the secrect. -- Required: No -- Type: string -- Default: `'AzureFirstPartyManagedCertificate'` -- Allowed: - ```Bicep - [ - 'AzureFirstPartyManagedCertificate' - 'CustomerCertificate' - 'ManagedCertificate' - 'UrlSigningKey' - ] - ``` - ### Parameter: `useLatestVersion` Indicates whether to use the latest version of the secrect. + - Required: No - Type: bool - Default: `False` diff --git a/modules/cognitive-services/account/README.md b/modules/cognitive-services/account/README.md index 5a6f311874..fdc4c529e8 100644 --- a/modules/cognitive-services/account/README.md +++ b/modules/cognitive-services/account/README.md @@ -732,37 +732,51 @@ module account 'br:bicep/modules/cognitive-services.account:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`userOwnedStorage`](#parameter-userownedstorage) | array | The storage accounts for this resource. | -### Parameter: `allowedFqdnList` +### Parameter: `kind` -List of allowed FQDN. -- Required: No -- Type: array -- Default: `[]` +Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. -### Parameter: `apiProperties` +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'AnomalyDetector' + 'Bing.Autosuggest.v7' + 'Bing.CustomSearch' + 'Bing.EntitySearch' + 'Bing.Search.v7' + 'Bing.SpellCheck.v7' + 'CognitiveServices' + 'ComputerVision' + 'ContentModerator' + 'CustomVision.Prediction' + 'CustomVision.Training' + 'Face' + 'FormRecognizer' + 'ImmersiveReader' + 'Internal.AllInOne' + 'LUIS' + 'LUIS.Authoring' + 'Personalizer' + 'QnAMaker' + 'SpeechServices' + 'TextAnalytics' + 'TextTranslation' + ] + ``` -The API properties for special APIs. -- Required: No -- Type: object -- Default: `{}` +### Parameter: `name` -### Parameter: `cMKKeyName` +The name of Cognitive Services account. -The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. -- Required: No +- Required: Yes - Type: string -- Default: `''` ### Parameter: `cMKKeyVaultResourceId` The resource ID of a key vault to reference a customer managed key for encryption from. Required if 'cMKKeyName' is not empty. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `cMKKeyVersion` -The version of the customer managed key to reference for encryption. If not provided, latest is used. - Required: No - Type: string - Default: `''` @@ -770,6 +784,7 @@ The version of the customer managed key to reference for encryption. If not prov ### Parameter: `cMKUserAssignedIdentityResourceId` User assigned identity to use when fetching the customer managed key. Required if 'cMKKeyName' is not empty. + - Required: No - Type: string - Default: `''` @@ -777,121 +792,130 @@ User assigned identity to use when fetching the customer managed key. Required i ### Parameter: `customSubDomainName` Subdomain name used for token-based authentication. Required if 'networkAcls' or 'privateEndpoints' are set. + - Required: No - Type: string - Default: `''` -### Parameter: `diagnosticSettings` +### Parameter: `allowedFqdnList` + +List of allowed FQDN. -The diagnostic settings of the service. - Required: No - Type: array +- Default: `[]` +### Parameter: `apiProperties` -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | - -### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` - -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +The API properties for special APIs. - Required: No -- Type: string +- Type: object +- Default: `{}` -### Parameter: `diagnosticSettings.eventHubName` +### Parameter: `cMKKeyName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +The name of the customer managed key to use for encryption. Cannot be deployed together with the parameter 'systemAssignedIdentity' enabled. - Required: No - Type: string +- Default: `''` -### Parameter: `diagnosticSettings.logAnalyticsDestinationType` +### Parameter: `cMKKeyVersion` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +The version of the customer managed key to reference for encryption. If not provided, latest is used. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Default: `''` -### Parameter: `diagnosticSettings.logCategoriesAndGroups` +### Parameter: `diagnosticSettings` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The diagnostic settings of the service. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` +### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` +### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string +### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -### Parameter: `diagnosticSettings.marketplacePartnerResourceId` - -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` -### Parameter: `diagnosticSettings.metricCategories` +### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` +### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. -- Required: Yes +- Required: No - Type: string +### Parameter: `diagnosticSettings.metricCategories` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -899,6 +923,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAuth` Allow only Azure AD authentication. Should be enabled for security reasons. + - Required: No - Type: bool - Default: `True` @@ -906,6 +931,7 @@ Allow only Azure AD authentication. Should be enabled for security reasons. ### Parameter: `dynamicThrottlingEnabled` The flag to enable dynamic throttling. + - Required: No - Type: bool - Default: `False` @@ -913,46 +939,15 @@ The flag to enable dynamic throttling. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `kind` - -Kind of the Cognitive Services. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'AnomalyDetector' - 'Bing.Autosuggest.v7' - 'Bing.CustomSearch' - 'Bing.EntitySearch' - 'Bing.Search.v7' - 'Bing.SpellCheck.v7' - 'CognitiveServices' - 'ComputerVision' - 'ContentModerator' - 'CustomVision.Prediction' - 'CustomVision.Training' - 'Face' - 'FormRecognizer' - 'ImmersiveReader' - 'Internal.AllInOne' - 'LUIS' - 'LUIS.Authoring' - 'Personalizer' - 'QnAMaker' - 'SpeechServices' - 'TextAnalytics' - 'TextTranslation' - ] - ``` - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -960,26 +955,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -987,25 +991,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. +The resource ID(s) to assign to the resource. Required if a user assigned identity is used for encryption. - Required: No - Type: array @@ -1013,19 +1019,15 @@ Optional. The resource ID(s) to assign to the resource. Required if a user assig ### Parameter: `migrationToken` Resource migration token. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of Cognitive Services account. -- Required: Yes -- Type: string - ### Parameter: `networkAcls` A collection of rules governing the accessibility from specific network locations. + - Required: No - Type: object - Default: `{}` @@ -1033,197 +1035,247 @@ A collection of rules governing the accessibility from specific network location ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` -Optional. The name of the private endpoint. +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1231,6 +1283,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. + - Required: No - Type: string - Default: `''` @@ -1246,6 +1299,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `restore` Restore a soft-deleted cognitive service at deployment time. Will fail if no such soft-deleted resource exists. + - Required: No - Type: bool - Default: `False` @@ -1253,6 +1307,7 @@ Restore a soft-deleted cognitive service at deployment time. Will fail if no suc ### Parameter: `restrictOutboundNetworkAccess` Restrict outbound network access. + - Required: No - Type: bool - Default: `True` @@ -1260,74 +1315,96 @@ Restrict outbound network access. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' to determine a valid combinations of 'kind' and 'SKU' for your Azure region. + - Required: No - Type: string - Default: `'S0'` @@ -1357,12 +1434,14 @@ SKU of the Cognitive Services resource. Use 'Get-AzCognitiveServicesAccountSku' ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `userOwnedStorage` The storage accounts for this resource. + - Required: No - Type: array - Default: `[]` diff --git a/modules/compute/availability-set/README.md b/modules/compute/availability-set/README.md index 7eb1754df5..8f1eeb1480 100644 --- a/modules/compute/availability-set/README.md +++ b/modules/compute/availability-set/README.md @@ -285,9 +285,17 @@ module availabilitySet 'br:bicep/modules/compute.availability-set:1.0.0' = { | [`skuName`](#parameter-skuname) | string | SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. | | [`tags`](#parameter-tags) | object | Tags of the availability set resource. | +### Parameter: `name` + +The name of the availability set that is being created. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -295,6 +303,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Resource location. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -302,39 +311,43 @@ Resource location. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the availability set that is being created. -- Required: Yes -- Type: string - ### Parameter: `platformFaultDomainCount` The number of fault domains to use. + - Required: No - Type: int - Default: `2` @@ -342,6 +355,7 @@ The number of fault domains to use. ### Parameter: `platformUpdateDomainCount` The number of update domains to use. + - Required: No - Type: int - Default: `5` @@ -349,6 +363,7 @@ The number of update domains to use. ### Parameter: `proximityPlacementGroupResourceId` Resource ID of a proximity placement group. + - Required: No - Type: string - Default: `''` @@ -356,74 +371,96 @@ Resource ID of a proximity placement group. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` SKU of the availability set.

- Use 'Aligned' for virtual machines with managed disks.

- Use 'Classic' for virtual machines with unmanaged disks. + - Required: No - Type: string - Default: `'Aligned'` @@ -431,6 +468,7 @@ SKU of the availability set.

- Use 'Aligned' for virtual machines with manage ### Parameter: `tags` Tags of the availability set resource. + - Required: No - Type: object diff --git a/modules/compute/disk-encryption-set/README.md b/modules/compute/disk-encryption-set/README.md index 48783288cd..5c0be2dd82 100644 --- a/modules/compute/disk-encryption-set/README.md +++ b/modules/compute/disk-encryption-set/README.md @@ -389,9 +389,31 @@ module diskEncryptionSet 'br:bicep/modules/compute.disk-encryption-set:1.0.0' = | [`rotationToLatestKeyVersionEnabled`](#parameter-rotationtolatestkeyversionenabled) | bool | Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. | | [`tags`](#parameter-tags) | object | Tags of the disk encryption resource. | +### Parameter: `keyName` + +Key URL (with version) pointing to a key or secret in KeyVault. + +- Required: Yes +- Type: string + +### Parameter: `keyVaultResourceId` + +Resource ID of the KeyVault containing the key or secret. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the disk encryption set that is being created. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -399,6 +421,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `encryptionType` The type of key used to encrypt the data of the disk. For security reasons, it is recommended to set encryptionType to EncryptionAtRestWithPlatformAndCustomerKeys. + - Required: No - Type: string - Default: `'EncryptionAtRestWithPlatformAndCustomerKeys'` @@ -413,25 +436,15 @@ The type of key used to encrypt the data of the disk. For security reasons, it i ### Parameter: `federatedClientId` Multi-tenant application client ID to access key vault in a different tenant. Setting the value to "None" will clear the property. + - Required: No - Type: string - Default: `'None'` -### Parameter: `keyName` - -Key URL (with version) pointing to a key or secret in KeyVault. -- Required: Yes -- Type: string - -### Parameter: `keyVaultResourceId` - -Resource ID of the KeyVault containing the key or secret. -- Required: Yes -- Type: string - ### Parameter: `keyVersion` The version of the customer managed key to reference for encryption. If not provided, the latest key version is used. + - Required: No - Type: string - Default: `''` @@ -439,6 +452,7 @@ The version of the customer managed key to reference for encryption. If not prov ### Parameter: `location` Resource location. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -446,26 +460,35 @@ Resource location. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -473,6 +496,7 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. At least one identity type is required. + - Required: No - Type: object - Default: @@ -482,103 +506,120 @@ The managed identity definition for this resource. At least one identity type is } ``` +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the disk encryption set that is being created. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `rotationToLatestKeyVersionEnabled` Set this flag to true to enable auto-updating of this disk encryption set to the latest key version. + - Required: No - Type: bool - Default: `False` @@ -586,6 +627,7 @@ Set this flag to true to enable auto-updating of this disk encryption set to the ### Parameter: `tags` Tags of the disk encryption resource. + - Required: No - Type: object diff --git a/modules/compute/disk/README.md b/modules/compute/disk/README.md index feef599a20..3bc00fac1b 100644 --- a/modules/compute/disk/README.md +++ b/modules/compute/disk/README.md @@ -580,9 +580,52 @@ module disk 'br:bicep/modules/compute.disk:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the availability set resource. | | [`uploadSizeBytes`](#parameter-uploadsizebytes) | int | If create option is Upload, this is the size of the contents of the upload including the VHD footer. | +### Parameter: `name` + +The name of the disk that is being created. + +- Required: Yes +- Type: string + +### Parameter: `sku` + +The disks sku name. Can be . + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Premium_LRS' + 'Premium_ZRS' + 'Premium_ZRS' + 'PremiumV2_LRS' + 'Standard_LRS' + 'StandardSSD_LRS' + 'UltraSSD_LRS' + ] + ``` + +### Parameter: `diskSizeGB` + +The size of the disk to create. Required if create option is Empty. + +- Required: No +- Type: int +- Default: `0` + +### Parameter: `storageAccountId` + +The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `acceleratedNetwork` True if the image from which the OS disk is created supports accelerated networking. + - Required: No - Type: bool - Default: `False` @@ -590,6 +633,7 @@ True if the image from which the OS disk is created supports accelerated network ### Parameter: `architecture` CPU architecture supported by an OS disk. + - Required: No - Type: string - Default: `''` @@ -605,6 +649,7 @@ CPU architecture supported by an OS disk. ### Parameter: `burstingEnabled` Set to true to enable bursting beyond the provisioned performance target of the disk. + - Required: No - Type: bool - Default: `False` @@ -612,6 +657,7 @@ Set to true to enable bursting beyond the provisioned performance target of the ### Parameter: `completionPercent` Percentage complete for the background copy when a resource is created via the CopyStart operation. + - Required: No - Type: int - Default: `100` @@ -619,6 +665,7 @@ Percentage complete for the background copy when a resource is created via the C ### Parameter: `createOption` Sources of a disk creation. + - Required: No - Type: string - Default: `'Empty'` @@ -641,6 +688,7 @@ Sources of a disk creation. ### Parameter: `diskIOPSReadWrite` The number of IOPS allowed for this disk; only settable for UltraSSD disks. + - Required: No - Type: int - Default: `0` @@ -648,13 +696,7 @@ The number of IOPS allowed for this disk; only settable for UltraSSD disks. ### Parameter: `diskMBpsReadWrite` The bandwidth allowed for this disk; only settable for UltraSSD disks. -- Required: No -- Type: int -- Default: `0` -### Parameter: `diskSizeGB` - -The size of the disk to create. Required if create option is Empty. - Required: No - Type: int - Default: `0` @@ -662,6 +704,7 @@ The size of the disk to create. Required if create option is Empty. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -669,6 +712,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `hyperVGeneration` The hypervisor generation of the Virtual Machine. Applicable to OS disks only. + - Required: No - Type: string - Default: `'V2'` @@ -683,6 +727,7 @@ The hypervisor generation of the Virtual Machine. Applicable to OS disks only. ### Parameter: `imageReferenceId` A relative uri containing either a Platform Image Repository or user image reference. + - Required: No - Type: string - Default: `''` @@ -690,6 +735,7 @@ A relative uri containing either a Platform Image Repository or user image refer ### Parameter: `location` Resource location. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -697,26 +743,35 @@ Resource location. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -724,6 +779,7 @@ Optional. Specify the name of lock. ### Parameter: `logicalSectorSize` Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. + - Required: No - Type: int - Default: `4096` @@ -731,19 +787,15 @@ Logical sector size in bytes for Ultra disks. Supported values are 512 ad 4096. ### Parameter: `maxShares` The maximum number of VMs that can attach to the disk at the same time. Default value is 0. + - Required: No - Type: int - Default: `1` -### Parameter: `name` - -The name of the disk that is being created. -- Required: Yes -- Type: string - ### Parameter: `networkAccessPolicy` Policy for accessing the disk via network. + - Required: No - Type: string - Default: `'DenyAll'` @@ -759,6 +811,7 @@ Policy for accessing the disk via network. ### Parameter: `optimizedForFrequentAttach` Setting this property to true improves reliability and performance of data disks that are frequently (more than 5 times a day) by detached from one virtual machine and attached to another. This property should not be set for disks that are not detached and attached frequently as it causes the disks to not align with the fault domain of the virtual machine. + - Required: No - Type: bool - Default: `False` @@ -766,6 +819,7 @@ Setting this property to true improves reliability and performance of data disks ### Parameter: `osType` Sources of a disk creation. + - Required: No - Type: string - Default: `''` @@ -781,6 +835,7 @@ Sources of a disk creation. ### Parameter: `publicNetworkAccess` Policy for controlling export on the disk. + - Required: No - Type: string - Default: `'Disabled'` @@ -795,99 +850,104 @@ Policy for controlling export on the disk. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securityDataUri` If create option is ImportSecure, this is the URI of a blob to be imported into VM guest state. + - Required: No - Type: string - Default: `''` -### Parameter: `sku` - -The disks sku name. Can be . -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Premium_LRS' - 'Premium_ZRS' - 'Premium_ZRS' - 'PremiumV2_LRS' - 'Standard_LRS' - 'StandardSSD_LRS' - 'UltraSSD_LRS' - ] - ``` - ### Parameter: `sourceResourceId` If create option is Copy, this is the ARM ID of the source snapshot or disk. + - Required: No - Type: string - Default: `''` @@ -895,13 +955,7 @@ If create option is Copy, this is the ARM ID of the source snapshot or disk. ### Parameter: `sourceUri` If create option is Import, this is the URI of a blob to be imported into a managed disk. -- Required: No -- Type: string -- Default: `''` -### Parameter: `storageAccountId` - -The resource ID of the storage account containing the blob to import as a disk. Required if create option is Import. - Required: No - Type: string - Default: `''` @@ -909,12 +963,14 @@ The resource ID of the storage account containing the blob to import as a disk. ### Parameter: `tags` Tags of the availability set resource. + - Required: No - Type: object ### Parameter: `uploadSizeBytes` If create option is Upload, this is the size of the contents of the upload including the VHD footer. + - Required: No - Type: int - Default: `20972032` diff --git a/modules/compute/gallery/README.md b/modules/compute/gallery/README.md index 478eaa6765..b23170f00f 100644 --- a/modules/compute/gallery/README.md +++ b/modules/compute/gallery/README.md @@ -754,9 +754,17 @@ module gallery 'br:bicep/modules/compute.gallery:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags for all resources. | +### Parameter: `name` + +Name of the Azure Compute Gallery. + +- Required: Yes +- Type: string + ### Parameter: `applications` Applications to create. + - Required: No - Type: array - Default: `[]` @@ -764,6 +772,7 @@ Applications to create. ### Parameter: `description` Description of the Azure Shared Image Gallery. + - Required: No - Type: string - Default: `''` @@ -771,6 +780,7 @@ Description of the Azure Shared Image Gallery. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -778,6 +788,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `images` Images to create. + - Required: No - Type: array - Default: `[]` @@ -785,6 +796,7 @@ Images to create. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -792,107 +804,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Azure Compute Gallery. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags for all resources. + - Required: No - Type: object diff --git a/modules/compute/gallery/application/README.md b/modules/compute/gallery/application/README.md index 00ecdbd247..e07919f955 100644 --- a/modules/compute/gallery/application/README.md +++ b/modules/compute/gallery/application/README.md @@ -47,9 +47,24 @@ This module deploys an Azure Compute Gallery Application. | [`supportedOSType`](#parameter-supportedostype) | string | This property allows you to specify the supported type of the OS that application is built for. | | [`tags`](#parameter-tags) | object | Tags for all resources. | +### Parameter: `name` + +Name of the application definition. + +- Required: Yes +- Type: string + +### Parameter: `galleryName` + +The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `customActions` A list of custom actions that can be performed with all of the Gallery Application Versions within this Gallery Application. + - Required: No - Type: array - Default: `[]` @@ -57,6 +72,7 @@ A list of custom actions that can be performed with all of the Gallery Applicati ### Parameter: `description` The description of this gallery Application Definition resource. This property is updatable. + - Required: No - Type: string - Default: `''` @@ -64,6 +80,7 @@ The description of this gallery Application Definition resource. This property i ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -71,6 +88,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endOfLifeDate` The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. + - Required: No - Type: string - Default: `''` @@ -78,32 +96,23 @@ The end of life date of the gallery Image Definition. This property can be used ### Parameter: `eula` The Eula agreement for the gallery Application Definition. Has to be a valid URL. + - Required: No - Type: string - Default: `''` -### Parameter: `galleryName` - -The name of the parent Azure Compute Gallery. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the application definition. -- Required: Yes -- Type: string - ### Parameter: `privacyStatementUri` The privacy statement uri. Has to be a valid URL. + - Required: No - Type: string - Default: `''` @@ -111,6 +120,7 @@ The privacy statement uri. Has to be a valid URL. ### Parameter: `releaseNoteUri` The release note uri. Has to be a valid URL. + - Required: No - Type: string - Default: `''` @@ -118,74 +128,96 @@ The release note uri. Has to be a valid URL. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `supportedOSType` This property allows you to specify the supported type of the OS that application is built for. + - Required: No - Type: string - Default: `'Windows'` @@ -200,6 +232,7 @@ This property allows you to specify the supported type of the OS that applicatio ### Parameter: `tags` Tags for all resources. + - Required: No - Type: object diff --git a/modules/compute/gallery/image/README.md b/modules/compute/gallery/image/README.md index d4ea8b2d72..a1299ecc52 100644 --- a/modules/compute/gallery/image/README.md +++ b/modules/compute/gallery/image/README.md @@ -61,9 +61,24 @@ This module deploys an Azure Compute Gallery Image Definition. | [`sku`](#parameter-sku) | string | The name of the gallery Image Definition SKU. | | [`tags`](#parameter-tags) | object | Tags for all resources. | +### Parameter: `name` + +Name of the image definition. + +- Required: Yes +- Type: string + +### Parameter: `galleryName` + +The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `description` The description of this gallery Image Definition resource. This property is updatable. + - Required: No - Type: string - Default: `''` @@ -71,6 +86,7 @@ The description of this gallery Image Definition resource. This property is upda ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -78,6 +94,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endOfLife` The end of life date of the gallery Image Definition. This property can be used for decommissioning purposes. This property is updatable. Allowed format: 2020-01-10T23:00:00.000Z. + - Required: No - Type: string - Default: `''` @@ -85,6 +102,7 @@ The end of life date of the gallery Image Definition. This property can be used ### Parameter: `eula` The Eula agreement for the gallery Image Definition. Has to be a valid URL. + - Required: No - Type: string - Default: `''` @@ -92,19 +110,15 @@ The Eula agreement for the gallery Image Definition. Has to be a valid URL. ### Parameter: `excludedDiskTypes` List of the excluded disk types. E.g. Standard_LRS. + - Required: No - Type: array - Default: `[]` -### Parameter: `galleryName` - -The name of the parent Azure Shared Image Gallery. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `hyperVGeneration` The hypervisor generation of the Virtual Machine.

- If this value is not specified, then it is determined by the securityType parameter.

- If the securityType parameter is specified, then the value of hyperVGeneration will be V2, else V1. + - Required: No - Type: string - Default: `''` @@ -120,6 +134,7 @@ The hypervisor generation of the Virtual Machine.

- If this value is not spec ### Parameter: `isAcceleratedNetworkSupported` The image supports accelerated networking.

Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its networking performance.

This high-performance path bypasses the host from the data path, which reduces latency, jitter, and CPU utilization for the most demanding network workloads on supported VM types. + - Required: No - Type: string - Default: `'false'` @@ -134,6 +149,7 @@ The image supports accelerated networking.

Accelerated networking enables sin ### Parameter: `isHibernateSupported` The image will support hibernation. + - Required: No - Type: string - Default: `'false'` @@ -148,6 +164,7 @@ The image will support hibernation. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -155,6 +172,7 @@ Location for all resources. ### Parameter: `maxRecommendedMemory` The maximum amount of RAM in GB recommended for this image. + - Required: No - Type: int - Default: `16` @@ -162,6 +180,7 @@ The maximum amount of RAM in GB recommended for this image. ### Parameter: `maxRecommendedvCPUs` The maximum number of the CPU cores recommended for this image. + - Required: No - Type: int - Default: `4` @@ -169,6 +188,7 @@ The maximum number of the CPU cores recommended for this image. ### Parameter: `minRecommendedMemory` The minimum amount of RAM in GB recommended for this image. + - Required: No - Type: int - Default: `4` @@ -176,19 +196,15 @@ The minimum amount of RAM in GB recommended for this image. ### Parameter: `minRecommendedvCPUs` The minimum number of the CPU cores recommended for this image. + - Required: No - Type: int - Default: `1` -### Parameter: `name` - -Name of the image definition. -- Required: Yes -- Type: string - ### Parameter: `offer` The name of the gallery Image Definition offer. + - Required: No - Type: string - Default: `'WindowsServer'` @@ -196,6 +212,7 @@ The name of the gallery Image Definition offer. ### Parameter: `osState` This property allows the user to specify whether the virtual machines created under this image are 'Generalized' or 'Specialized'. + - Required: No - Type: string - Default: `'Generalized'` @@ -210,6 +227,7 @@ This property allows the user to specify whether the virtual machines created un ### Parameter: `osType` OS type of the image to be created. + - Required: No - Type: string - Default: `'Windows'` @@ -224,6 +242,7 @@ OS type of the image to be created. ### Parameter: `planName` The plan ID. + - Required: No - Type: string - Default: `''` @@ -231,6 +250,7 @@ The plan ID. ### Parameter: `planPublisherName` The publisher ID. + - Required: No - Type: string - Default: `''` @@ -238,6 +258,7 @@ The publisher ID. ### Parameter: `privacyStatementUri` The privacy statement uri. Has to be a valid URL. + - Required: No - Type: string - Default: `''` @@ -245,6 +266,7 @@ The privacy statement uri. Has to be a valid URL. ### Parameter: `productName` The product ID. + - Required: No - Type: string - Default: `''` @@ -252,6 +274,7 @@ The product ID. ### Parameter: `publisher` The name of the gallery Image Definition publisher. + - Required: No - Type: string - Default: `'MicrosoftWindowsServer'` @@ -259,6 +282,7 @@ The name of the gallery Image Definition publisher. ### Parameter: `releaseNoteUri` The release note uri. Has to be a valid URL. + - Required: No - Type: string - Default: `''` @@ -266,74 +290,96 @@ The release note uri. Has to be a valid URL. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securityType` The security type of the image. Requires a hyperVGeneration V2. + - Required: No - Type: string - Default: `'Standard'` @@ -350,6 +396,7 @@ The security type of the image. Requires a hyperVGeneration V2. ### Parameter: `sku` The name of the gallery Image Definition SKU. + - Required: No - Type: string - Default: `'2019-Datacenter'` @@ -357,6 +404,7 @@ The name of the gallery Image Definition SKU. ### Parameter: `tags` Tags for all resources. + - Required: No - Type: object diff --git a/modules/compute/image/README.md b/modules/compute/image/README.md index 8b7d4eb4db..dbfd145add 100644 --- a/modules/compute/image/README.md +++ b/modules/compute/image/README.md @@ -288,9 +288,31 @@ module image 'br:bicep/modules/compute.image:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zoneResilient`](#parameter-zoneresilient) | bool | Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). | +### Parameter: `name` + +The name of the image. + +- Required: Yes +- Type: string + +### Parameter: `osDiskBlobUri` + +The Virtual Hard Disk. + +- Required: Yes +- Type: string + +### Parameter: `osType` + +This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. + +- Required: Yes +- Type: string + ### Parameter: `dataDisks` Specifies the parameters that are used to add a data disk to a virtual machine. + - Required: No - Type: array - Default: `[]` @@ -298,6 +320,7 @@ Specifies the parameters that are used to add a data disk to a virtual machine. ### Parameter: `diskEncryptionSetResourceId` Specifies the customer managed disk encryption set resource ID for the managed image disk. + - Required: No - Type: string - Default: `''` @@ -305,6 +328,7 @@ Specifies the customer managed disk encryption set resource ID for the managed i ### Parameter: `diskSizeGB` Specifies the size of empty data disks in gigabytes. This element can be used to overwrite the name of the disk in a virtual machine image. This value cannot be larger than 1023 GB. + - Required: No - Type: int - Default: `128` @@ -312,6 +336,7 @@ Specifies the size of empty data disks in gigabytes. This element can be used to ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -319,6 +344,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `extendedLocation` The extended location of the Image. + - Required: No - Type: object - Default: `{}` @@ -326,6 +352,7 @@ The extended location of the Image. ### Parameter: `hyperVGeneration` Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 or V2. + - Required: No - Type: string - Default: `'V1'` @@ -333,6 +360,7 @@ Gets the HyperVGenerationType of the VirtualMachine created from the image. - V1 ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -340,37 +368,29 @@ Location for all resources. ### Parameter: `managedDiskResourceId` The managedDisk. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the image. -- Required: Yes -- Type: string - ### Parameter: `osAccountType` Specifies the storage account type for the managed disk. NOTE: UltraSSD_LRS can only be used with data disks, it cannot be used with OS Disk. - Standard_LRS, Premium_LRS, StandardSSD_LRS, UltraSSD_LRS. -- Required: Yes -- Type: string - -### Parameter: `osDiskBlobUri` -The Virtual Hard Disk. - Required: Yes - Type: string ### Parameter: `osDiskCaching` Specifies the caching requirements. Default: None for Standard storage. ReadOnly for Premium storage. - None, ReadOnly, ReadWrite. + - Required: Yes - Type: string ### Parameter: `osState` The OS State. For managed images, use Generalized. + - Required: No - Type: string - Default: `'Generalized'` @@ -382,83 +402,99 @@ The OS State. For managed images, use Generalized. ] ``` -### Parameter: `osType` - -This property allows you to specify the type of the OS that is included in the disk if creating a VM from a custom image. - Windows or Linux. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `snapshotResourceId` The snapshot resource ID. + - Required: No - Type: string - Default: `''` @@ -466,6 +502,7 @@ The snapshot resource ID. ### Parameter: `sourceVirtualMachineResourceId` The source virtual machine from which Image is created. + - Required: No - Type: string - Default: `''` @@ -473,12 +510,14 @@ The source virtual machine from which Image is created. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zoneResilient` Default is false. Specifies whether an image is zone resilient or not. Zone resilient images can be created only in regions that provide Zone Redundant Storage (ZRS). + - Required: No - Type: bool - Default: `False` diff --git a/modules/compute/proximity-placement-group/README.md b/modules/compute/proximity-placement-group/README.md index b78e4a52f2..613055ce67 100644 --- a/modules/compute/proximity-placement-group/README.md +++ b/modules/compute/proximity-placement-group/README.md @@ -357,9 +357,17 @@ module proximityPlacementGroup 'br:bicep/modules/compute.proximity-placement-gro | [`type`](#parameter-type) | string | Specifies the type of the proximity placement group. | | [`zones`](#parameter-zones) | array | Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. | +### Parameter: `name` + +The name of the proximity placement group that is being created. + +- Required: Yes +- Type: string + ### Parameter: `colocationStatus` Describes colocation status of the Proximity Placement Group. + - Required: No - Type: object - Default: `{}` @@ -367,6 +375,7 @@ Describes colocation status of the Proximity Placement Group. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -374,6 +383,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `intent` Specifies the user intent of the proximity placement group. + - Required: No - Type: object - Default: `{}` @@ -381,6 +391,7 @@ Specifies the user intent of the proximity placement group. ### Parameter: `location` Resource location. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -388,113 +399,139 @@ Resource location. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the proximity placement group that is being created. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the proximity placement group resource. + - Required: No - Type: object ### Parameter: `type` Specifies the type of the proximity placement group. + - Required: No - Type: string - Default: `'Standard'` @@ -509,6 +546,7 @@ Specifies the type of the proximity placement group. ### Parameter: `zones` Specifies the Availability Zone where virtual machine, virtual machine scale set or availability set associated with the proximity placement group can be created. + - Required: No - Type: array - Default: `[]` diff --git a/modules/compute/ssh-public-key/README.md b/modules/compute/ssh-public-key/README.md index 096bdf0a7f..509a83961d 100644 --- a/modules/compute/ssh-public-key/README.md +++ b/modules/compute/ssh-public-key/README.md @@ -206,9 +206,17 @@ module sshPublicKey 'br:bicep/modules/compute.ssh-public-key:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the availability set resource. | +### Parameter: `name` + +The name of the SSH public Key that is being created. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -216,6 +224,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Resource location. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -223,39 +232,43 @@ Resource location. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the SSH public Key that is being created. -- Required: Yes -- Type: string - ### Parameter: `publicKey` SSH public key used to authenticate to a virtual machine through SSH. If this property is not initially provided when the resource is created, the publicKey property will be populated when generateKeyPair is called. If the public key is provided upon resource creation, the provided public key needs to be at least 2048-bit and in ssh-rsa format. + - Required: No - Type: string - Default: `''` @@ -263,74 +276,96 @@ SSH public key used to authenticate to a virtual machine through SSH. If this pr ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the availability set resource. + - Required: No - Type: object diff --git a/modules/compute/virtual-machine-scale-set/README.md b/modules/compute/virtual-machine-scale-set/README.md index 5e27d6d457..5479ba0268 100644 --- a/modules/compute/virtual-machine-scale-set/README.md +++ b/modules/compute/virtual-machine-scale-set/README.md @@ -29,13 +29,337 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine-scale-set:1.0.0`. -- [Linux](#example-1-linux) -- [Linux.Min](#example-2-linuxmin) -- [Linux.Ssecmk](#example-3-linuxssecmk) -- [Windows](#example-4-windows) -- [Windows.Min](#example-5-windowsmin) +- [Linux.Min](#example-1-linuxmin) +- [Linux.Ssecmk](#example-2-linuxssecmk) +- [Linux](#example-3-linux) +- [Windows.Min](#example-4-windowsmin) +- [Windows](#example-5-windows) -### Example 1: _Linux_ +### Example 1: _Linux.Min_ + +
+ +via Bicep module + +```bicep +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin' + params: { + // Required parameters + adminUsername: 'scaleSetAdmin' + imageReference: { + offer: '0001-com-ubuntu-server-jammy' + publisher: 'Canonical' + sku: '22_04-lts-gen2' + version: 'latest' + } + name: 'cvmsslinmin001' + osDisk: { + createOption: 'fromImage' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Linux' + skuName: 'Standard_B12ms' + // Non-required parameters + disablePasswordAuthentication: true + enableDefaultTelemetry: '' + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig1' + properties: { + subnet: { + id: '' + } + } + } + ] + nicSuffix: '-nic01' + } + ] + publicKeys: [ + { + keyData: '' + path: '/home/scaleSetAdmin/.ssh/authorized_keys' + } + ] + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "adminUsername": { + "value": "scaleSetAdmin" + }, + "imageReference": { + "value": { + "offer": "0001-com-ubuntu-server-jammy", + "publisher": "Canonical", + "sku": "22_04-lts-gen2", + "version": "latest" + } + }, + "name": { + "value": "cvmsslinmin001" + }, + "osDisk": { + "value": { + "createOption": "fromImage", + "diskSizeGB": "128", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } + } + }, + "osType": { + "value": "Linux" + }, + "skuName": { + "value": "Standard_B12ms" + }, + // Non-required parameters + "disablePasswordAuthentication": { + "value": true + }, + "enableDefaultTelemetry": { + "value": "" + }, + "nicConfigurations": { + "value": [ + { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "" + } + } + } + ], + "nicSuffix": "-nic01" + } + ] + }, + "publicKeys": { + "value": [ + { + "keyData": "", + "path": "/home/scaleSetAdmin/.ssh/authorized_keys" + } + ] + } + } +} +``` + +
+

+ +### Example 2: _Linux.Ssecmk_ + +

+ +via Bicep module + +```bicep +module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk' + params: { + // Required parameters + adminUsername: 'scaleSetAdmin' + imageReference: { + offer: '0001-com-ubuntu-server-jammy' + publisher: 'Canonical' + sku: '22_04-lts-gen2' + version: 'latest' + } + name: 'cvmsslcmk001' + osDisk: { + createOption: 'fromImage' + diskSizeGB: '128' + managedDisk: { + diskEncryptionSet: { + id: '' + } + storageAccountType: 'Premium_LRS' + } + } + osType: 'Linux' + skuName: 'Standard_B12ms' + // Non-required parameters + dataDisks: [ + { + caching: 'ReadOnly' + createOption: 'Empty' + diskSizeGB: '128' + managedDisk: { + diskEncryptionSet: { + id: '' + } + storageAccountType: 'Premium_LRS' + } + } + ] + disablePasswordAuthentication: true + enableDefaultTelemetry: '' + location: '' + nicConfigurations: [ + { + ipConfigurations: [ + { + name: 'ipconfig1' + properties: { + subnet: { + id: '' + } + } + } + ] + nicSuffix: '-nic01' + } + ] + publicKeys: [ + { + keyData: '' + path: '/home/scaleSetAdmin/.ssh/authorized_keys' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "adminUsername": { + "value": "scaleSetAdmin" + }, + "imageReference": { + "value": { + "offer": "0001-com-ubuntu-server-jammy", + "publisher": "Canonical", + "sku": "22_04-lts-gen2", + "version": "latest" + } + }, + "name": { + "value": "cvmsslcmk001" + }, + "osDisk": { + "value": { + "createOption": "fromImage", + "diskSizeGB": "128", + "managedDisk": { + "diskEncryptionSet": { + "id": "" + }, + "storageAccountType": "Premium_LRS" + } + } + }, + "osType": { + "value": "Linux" + }, + "skuName": { + "value": "Standard_B12ms" + }, + // Non-required parameters + "dataDisks": { + "value": [ + { + "caching": "ReadOnly", + "createOption": "Empty", + "diskSizeGB": "128", + "managedDisk": { + "diskEncryptionSet": { + "id": "" + }, + "storageAccountType": "Premium_LRS" + } + } + ] + }, + "disablePasswordAuthentication": { + "value": true + }, + "enableDefaultTelemetry": { + "value": "" + }, + "location": { + "value": "" + }, + "nicConfigurations": { + "value": [ + { + "ipConfigurations": [ + { + "name": "ipconfig1", + "properties": { + "subnet": { + "id": "" + } + } + } + ], + "nicSuffix": "-nic01" + } + ] + }, + "publicKeys": { + "value": [ + { + "keyData": "", + "path": "/home/scaleSetAdmin/.ssh/authorized_keys" + } + ] + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 3: _Linux_

@@ -367,174 +691,37 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se "path": "/home/scaleSetAdmin/.ssh/authorized_keys" } ] - }, - "roleAssignments": { - "value": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] - }, - "scaleSetFaultDomain": { - "value": 1 - }, - "skuCapacity": { - "value": 1 - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - }, - "upgradePolicyMode": { - "value": "Manual" - }, - "vmNamePrefix": { - "value": "vmsslinvm" - }, - "vmPriority": { - "value": "Regular" - } - } -} -``` - -
-

- -### Example 2: _Linux.Min_ - -

- -via Bicep module - -```bicep -module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmsslinmin' - params: { - // Required parameters - adminUsername: 'scaleSetAdmin' - imageReference: { - offer: '0001-com-ubuntu-server-jammy' - publisher: 'Canonical' - sku: '22_04-lts-gen2' - version: 'latest' - } - name: 'cvmsslinmin001' - osDisk: { - createOption: 'fromImage' - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - osType: 'Linux' - skuName: 'Standard_B12ms' - // Non-required parameters - disablePasswordAuthentication: true - enableDefaultTelemetry: '' - nicConfigurations: [ - { - ipConfigurations: [ - { - name: 'ipconfig1' - properties: { - subnet: { - id: '' - } - } - } - ] - nicSuffix: '-nic01' - } - ] - publicKeys: [ - { - keyData: '' - path: '/home/scaleSetAdmin/.ssh/authorized_keys' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "adminUsername": { - "value": "scaleSetAdmin" - }, - "imageReference": { - "value": { - "offer": "0001-com-ubuntu-server-jammy", - "publisher": "Canonical", - "sku": "22_04-lts-gen2", - "version": "latest" - } - }, - "name": { - "value": "cvmsslinmin001" - }, - "osDisk": { - "value": { - "createOption": "fromImage", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "osType": { - "value": "Linux" - }, - "skuName": { - "value": "Standard_B12ms" - }, - // Non-required parameters - "disablePasswordAuthentication": { - "value": true - }, - "enableDefaultTelemetry": { - "value": "" - }, - "nicConfigurations": { - "value": [ - { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "subnet": { - "id": "" - } - } - } - ], - "nicSuffix": "-nic01" - } - ] - }, - "publicKeys": { - "value": [ - { - "keyData": "", - "path": "/home/scaleSetAdmin/.ssh/authorized_keys" - } - ] + }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "scaleSetFaultDomain": { + "value": 1 + }, + "skuCapacity": { + "value": 1 + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + }, + "upgradePolicyMode": { + "value": "Manual" + }, + "vmNamePrefix": { + "value": "vmsslinvm" + }, + "vmPriority": { + "value": "Regular" } } } @@ -543,7 +730,7 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se

-### Example 3: _Linux.Ssecmk_ +### Example 4: _Windows.Min_

@@ -551,46 +738,29 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se ```bicep module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmsslcmk' + name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin' params: { // Required parameters - adminUsername: 'scaleSetAdmin' + adminUsername: 'localAdminUser' imageReference: { - offer: '0001-com-ubuntu-server-jammy' - publisher: 'Canonical' - sku: '22_04-lts-gen2' + offer: 'WindowsServer' + publisher: 'MicrosoftWindowsServer' + sku: '2022-datacenter-azure-edition' version: 'latest' } - name: 'cvmsslcmk001' + name: 'cvmsswinmin001' osDisk: { createOption: 'fromImage' diskSizeGB: '128' managedDisk: { - diskEncryptionSet: { - id: '' - } storageAccountType: 'Premium_LRS' } } - osType: 'Linux' + osType: 'Windows' skuName: 'Standard_B12ms' // Non-required parameters - dataDisks: [ - { - caching: 'ReadOnly' - createOption: 'Empty' - diskSizeGB: '128' - managedDisk: { - diskEncryptionSet: { - id: '' - } - storageAccountType: 'Premium_LRS' - } - } - ] - disablePasswordAuthentication: true + adminPassword: '' enableDefaultTelemetry: '' - location: '' nicConfigurations: [ { ipConfigurations: [ @@ -606,17 +776,6 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se nicSuffix: '-nic01' } ] - publicKeys: [ - { - keyData: '' - path: '/home/scaleSetAdmin/.ssh/authorized_keys' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` @@ -635,62 +794,41 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se "parameters": { // Required parameters "adminUsername": { - "value": "scaleSetAdmin" + "value": "localAdminUser" }, "imageReference": { "value": { - "offer": "0001-com-ubuntu-server-jammy", - "publisher": "Canonical", - "sku": "22_04-lts-gen2", + "offer": "WindowsServer", + "publisher": "MicrosoftWindowsServer", + "sku": "2022-datacenter-azure-edition", "version": "latest" } }, "name": { - "value": "cvmsslcmk001" + "value": "cvmsswinmin001" }, "osDisk": { "value": { "createOption": "fromImage", "diskSizeGB": "128", "managedDisk": { - "diskEncryptionSet": { - "id": "" - }, "storageAccountType": "Premium_LRS" } } }, "osType": { - "value": "Linux" + "value": "Windows" }, "skuName": { "value": "Standard_B12ms" }, // Non-required parameters - "dataDisks": { - "value": [ - { - "caching": "ReadOnly", - "createOption": "Empty", - "diskSizeGB": "128", - "managedDisk": { - "diskEncryptionSet": { - "id": "" - }, - "storageAccountType": "Premium_LRS" - } - } - ] - }, - "disablePasswordAuthentication": { - "value": true + "adminPassword": { + "value": "" }, "enableDefaultTelemetry": { "value": "" }, - "location": { - "value": "" - }, "nicConfigurations": { "value": [ { @@ -707,21 +845,6 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se "nicSuffix": "-nic01" } ] - }, - "publicKeys": { - "value": [ - { - "keyData": "", - "path": "/home/scaleSetAdmin/.ssh/authorized_keys" - } - ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -730,7 +853,7 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se

-### Example 4: _Windows_ +### Example 5: _Windows_

@@ -1068,136 +1191,13 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se } }, "upgradePolicyMode": { - "value": "Manual" - }, - "vmNamePrefix": { - "value": "vmsswinvm" - }, - "vmPriority": { - "value": "Regular" - } - } -} -``` - -
-

- -### Example 5: _Windows.Min_ - -

- -via Bicep module - -```bicep -module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-set:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmsswinmin' - params: { - // Required parameters - adminUsername: 'localAdminUser' - imageReference: { - offer: 'WindowsServer' - publisher: 'MicrosoftWindowsServer' - sku: '2022-datacenter-azure-edition' - version: 'latest' - } - name: 'cvmsswinmin001' - osDisk: { - createOption: 'fromImage' - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - osType: 'Windows' - skuName: 'Standard_B12ms' - // Non-required parameters - adminPassword: '' - enableDefaultTelemetry: '' - nicConfigurations: [ - { - ipConfigurations: [ - { - name: 'ipconfig1' - properties: { - subnet: { - id: '' - } - } - } - ] - nicSuffix: '-nic01' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "adminUsername": { - "value": "localAdminUser" - }, - "imageReference": { - "value": { - "offer": "WindowsServer", - "publisher": "MicrosoftWindowsServer", - "sku": "2022-datacenter-azure-edition", - "version": "latest" - } - }, - "name": { - "value": "cvmsswinmin001" - }, - "osDisk": { - "value": { - "createOption": "fromImage", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "osType": { - "value": "Windows" - }, - "skuName": { - "value": "Standard_B12ms" - }, - // Non-required parameters - "adminPassword": { - "value": "" - }, - "enableDefaultTelemetry": { - "value": "" - }, - "nicConfigurations": { - "value": [ - { - "ipConfigurations": [ - { - "name": "ipconfig1", - "properties": { - "subnet": { - "id": "" - } - } - } - ], - "nicSuffix": "-nic01" - } - ] + "value": "Manual" + }, + "vmNamePrefix": { + "value": "vmsswinvm" + }, + "vmPriority": { + "value": "Regular" } } } @@ -1293,9 +1293,67 @@ module virtualMachineScaleSet 'br:bicep/modules/compute.virtual-machine-scale-se | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | +### Parameter: `adminUsername` + +Administrator username. + +- Required: Yes +- Type: securestring + +### Parameter: `imageReference` + +OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. + +- Required: Yes +- Type: object + +### Parameter: `name` + +Name of the VMSS. + +- Required: Yes +- Type: string + +### Parameter: `nicConfigurations` + +Configures NICs and PIPs. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `osDisk` + +Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. + +- Required: Yes +- Type: object + +### Parameter: `osType` + +The chosen OS type. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `skuName` + +The SKU size of the VMs. + +- Required: Yes +- Type: string + ### Parameter: `additionalUnattendContent` Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. + - Required: No - Type: array - Default: `[]` @@ -1303,19 +1361,15 @@ Specifies additional base-64 encoded XML formatted information that can be inclu ### Parameter: `adminPassword` When specifying a Windows Virtual Machine, this value should be passed. + - Required: No - Type: securestring - Default: `''` -### Parameter: `adminUsername` - -Administrator username. -- Required: Yes -- Type: securestring - ### Parameter: `automaticRepairsPolicyEnabled` Specifies whether automatic repairs should be enabled on the virtual machine scale set. + - Required: No - Type: bool - Default: `False` @@ -1323,20 +1377,15 @@ Specifies whether automatic repairs should be enabled on the virtual machine sca ### Parameter: `availabilityZones` The virtual machine scale set zones. NOTE: Availability zones can only be set when you create the scale set. + - Required: No - Type: array - Default: `[]` -### Parameter: `baseTime` - -Do not provide a value! This date value is used to generate a registration token. -- Required: No -- Type: string -- Default: `[utcNow('u')]` - ### Parameter: `bootDiagnosticStorageAccountName` Storage account used to store boot diagnostic information. Boot diagnostics will be disabled if no value is provided. + - Required: No - Type: string - Default: `''` @@ -1344,6 +1393,7 @@ Storage account used to store boot diagnostic information. Boot diagnostics will ### Parameter: `bootDiagnosticStorageAccountUri` Storage account boot diagnostic base URI. + - Required: No - Type: string - Default: `[format('.blob.{0}/', environment().suffixes.storage)]` @@ -1351,6 +1401,7 @@ Storage account boot diagnostic base URI. ### Parameter: `customData` Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. + - Required: No - Type: string - Default: `''` @@ -1358,6 +1409,7 @@ Custom data associated to the VM, this value will be automatically converted int ### Parameter: `dataDisks` Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. + - Required: No - Type: array - Default: `[]` @@ -1365,86 +1417,82 @@ Specifies the data disks. For security reasons, it is recommended to specify Dis ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1452,6 +1500,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableAutomaticRollback` Whether OS image rollback feature should be disabled. + - Required: No - Type: bool - Default: `False` @@ -1459,6 +1508,7 @@ Whether OS image rollback feature should be disabled. ### Parameter: `disablePasswordAuthentication` Specifies whether password authentication should be disabled. + - Required: No - Type: bool - Default: `False` @@ -1466,6 +1516,7 @@ Specifies whether password authentication should be disabled. ### Parameter: `doNotRunExtensionsOnOverprovisionedVMs` When Overprovision is enabled, extensions are launched only on the requested number of VMs which are finally kept. This property will hence ensure that the extensions do not run on the extra overprovisioned VMs. + - Required: No - Type: bool - Default: `False` @@ -1473,6 +1524,7 @@ When Overprovision is enabled, extensions are launched only on the requested num ### Parameter: `enableAutomaticOSUpgrade` Indicates whether OS upgrades should automatically be applied to scale set instances in a rolling fashion when a newer version of the OS image becomes available. Default value is false. If this is set to true for Windows based scale sets, enableAutomaticUpdates is automatically set to false and cannot be set to true. + - Required: No - Type: bool - Default: `False` @@ -1480,6 +1532,7 @@ Indicates whether OS upgrades should automatically be applied to scale set insta ### Parameter: `enableAutomaticUpdates` Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. + - Required: No - Type: bool - Default: `True` @@ -1487,6 +1540,7 @@ Indicates whether Automatic Updates is enabled for the Windows virtual machine. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1494,6 +1548,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableEvictionPolicy` Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. + - Required: No - Type: bool - Default: `False` @@ -1501,6 +1556,7 @@ Specifies the eviction policy for the low priority virtual machine. Will result ### Parameter: `encryptionAtHost` This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your virtual machine scale sets. + - Required: No - Type: bool - Default: `True` @@ -1508,6 +1564,7 @@ This property can be used by user in the request to enable or disable the Host E ### Parameter: `extensionAntiMalwareConfig` The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1520,6 +1577,7 @@ The configuration for the [Anti Malware] extension. Must at least contain the [" ### Parameter: `extensionAzureDiskEncryptionConfig` The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. + - Required: No - Type: object - Default: @@ -1532,6 +1590,7 @@ The configuration for the [Azure Disk Encryption] extension. Must at least conta ### Parameter: `extensionCustomScriptConfig` The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1545,6 +1604,7 @@ The configuration for the [Custom Script] extension. Must at least contain the [ ### Parameter: `extensionDependencyAgentConfig` The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1557,6 +1617,7 @@ The configuration for the [Dependency Agent] extension. Must at least contain th ### Parameter: `extensionDomainJoinConfig` The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1569,6 +1630,7 @@ The configuration for the [Domain Join] extension. Must at least contain the ["e ### Parameter: `extensionDomainJoinPassword` Required if name is specified. Password of the user specified in user parameter. + - Required: No - Type: securestring - Default: `''` @@ -1576,6 +1638,7 @@ Required if name is specified. Password of the user specified in user parameter. ### Parameter: `extensionDSCConfig` The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1588,6 +1651,7 @@ The configuration for the [Desired State Configuration] extension. Must at least ### Parameter: `extensionMonitoringAgentConfig` The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1600,6 +1664,7 @@ The configuration for the [Monitoring Agent] extension. Must at least contain th ### Parameter: `extensionNetworkWatcherAgentConfig` The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -1612,19 +1677,15 @@ The configuration for the [Network Watcher Agent] extension. Must at least conta ### Parameter: `gracePeriod` The amount of time for which automatic repairs are suspended due to a state change on VM. The grace time starts after the state change has completed. This helps avoid premature or accidental repairs. The time duration should be specified in ISO 8601 format. The minimum allowed grace period is 30 minutes (PT30M). The maximum allowed grace period is 90 minutes (PT90M). + - Required: No - Type: string - Default: `'PT30M'` -### Parameter: `imageReference` - -OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. -- Required: Yes -- Type: object - ### Parameter: `licenseType` Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. + - Required: No - Type: string - Default: `''` @@ -1640,6 +1701,7 @@ Specifies that the image or disk that is being used was licensed on-premises. Th ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1647,26 +1709,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1674,25 +1745,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1700,6 +1773,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `maxBatchInstancePercent` The maximum percent of total virtual machine instances that will be upgraded simultaneously by the rolling upgrade in one batch. As this is a maximum, unhealthy instances in previous or future batches can cause the percentage of instances in a batch to decrease to ensure higher reliability. + - Required: No - Type: int - Default: `20` @@ -1707,6 +1781,7 @@ The maximum percent of total virtual machine instances that will be upgraded sim ### Parameter: `maxPriceForLowPriorityVm` Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. + - Required: No - Type: string - Default: `''` @@ -1714,6 +1789,7 @@ Specifies the maximum price you are willing to pay for a low priority VM/VMSS. T ### Parameter: `maxUnhealthyInstancePercent` The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. + - Required: No - Type: int - Default: `20` @@ -1721,6 +1797,7 @@ The maximum percentage of the total virtual machine instances in the scale set t ### Parameter: `maxUnhealthyUpgradedInstancePercent` The maximum percentage of the total virtual machine instances in the scale set that can be simultaneously unhealthy, either as a result of being upgraded, or by being found in an unhealthy state by the virtual machine health checks before the rolling upgrade aborts. This constraint will be checked prior to starting any batch. + - Required: No - Type: int - Default: `20` @@ -1728,45 +1805,15 @@ The maximum percentage of the total virtual machine instances in the scale set t ### Parameter: `monitoringWorkspaceId` Resource ID of the monitoring log analytics workspace. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `name` - -Name of the VMSS. -- Required: Yes -- Type: string - -### Parameter: `nicConfigurations` -Configures NICs and PIPs. - Required: No -- Type: array -- Default: `[]` - -### Parameter: `osDisk` - -Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VM Scale sets. -- Required: Yes -- Type: object - -### Parameter: `osType` - -The chosen OS type. -- Required: Yes - Type: string -- Allowed: - ```Bicep - [ - 'Linux' - 'Windows' - ] - ``` +- Default: `''` ### Parameter: `overprovision` Specifies whether the Virtual Machine Scale Set should be overprovisioned. + - Required: No - Type: bool - Default: `False` @@ -1774,6 +1821,7 @@ Specifies whether the Virtual Machine Scale Set should be overprovisioned. ### Parameter: `pauseTimeBetweenBatches` The wait time between completing the update for all virtual machines in one batch and starting the next batch. The time duration should be specified in ISO 8601 format. + - Required: No - Type: string - Default: `'PT0S'` @@ -1781,6 +1829,7 @@ The wait time between completing the update for all virtual machines in one batc ### Parameter: `plan` Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. + - Required: No - Type: object - Default: `{}` @@ -1788,6 +1837,7 @@ Specifies information about the marketplace image used to create the virtual mac ### Parameter: `provisionVMAgent` Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. + - Required: No - Type: bool - Default: `True` @@ -1795,6 +1845,7 @@ Indicates whether virtual machine agent should be provisioned on the virtual mac ### Parameter: `proximityPlacementGroupResourceId` Resource ID of a proximity placement group. + - Required: No - Type: string - Default: `''` @@ -1802,6 +1853,7 @@ Resource ID of a proximity placement group. ### Parameter: `publicKeys` The list of SSH public keys used to authenticate with linux based VMs. + - Required: No - Type: array - Default: `[]` @@ -1809,74 +1861,96 @@ The list of SSH public keys used to authenticate with linux based VMs. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sasTokenValidityLength` SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. + - Required: No - Type: string - Default: `'PT8H'` @@ -1884,6 +1958,7 @@ SAS token validity length to use to download files from storage accounts. Usage: ### Parameter: `scaleInPolicy` Specifies the scale-in policy that decides which virtual machines are chosen for removal when a Virtual Machine Scale Set is scaled-in. + - Required: No - Type: object - Default: @@ -1898,6 +1973,7 @@ Specifies the scale-in policy that decides which virtual machines are chosen for ### Parameter: `scaleSetFaultDomain` Fault Domain count for each placement group. + - Required: No - Type: int - Default: `2` @@ -1905,6 +1981,7 @@ Fault Domain count for each placement group. ### Parameter: `scheduledEventsProfile` Specifies Scheduled Event related configurations. + - Required: No - Type: object - Default: `{}` @@ -1912,6 +1989,7 @@ Specifies Scheduled Event related configurations. ### Parameter: `secrets` Specifies set of certificates that should be installed onto the virtual machines in the scale set. + - Required: No - Type: array - Default: `[]` @@ -1919,6 +1997,7 @@ Specifies set of certificates that should be installed onto the virtual machines ### Parameter: `secureBootEnabled` Specifies whether secure boot should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. + - Required: No - Type: bool - Default: `False` @@ -1926,6 +2005,7 @@ Specifies whether secure boot should be enabled on the virtual machine scale set ### Parameter: `securityType` Specifies the SecurityType of the virtual machine scale set. It is set as TrustedLaunch to enable UefiSettings. + - Required: No - Type: string - Default: `''` @@ -1933,6 +2013,7 @@ Specifies the SecurityType of the virtual machine scale set. It is set as Truste ### Parameter: `singlePlacementGroup` When true this limits the scale set to a single placement group, of max size 100 virtual machines. NOTE: If singlePlacementGroup is true, it may be modified to false. However, if singlePlacementGroup is false, it may not be modified to true. + - Required: No - Type: bool - Default: `True` @@ -1940,25 +2021,22 @@ When true this limits the scale set to a single placement group, of max size 100 ### Parameter: `skuCapacity` The initial instance count of scale set VMs. + - Required: No - Type: int - Default: `1` -### Parameter: `skuName` - -The SKU size of the VMs. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `timeZone` Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. + - Required: No - Type: string - Default: `''` @@ -1966,6 +2044,7 @@ Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Po ### Parameter: `ultraSSDEnabled` The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. + - Required: No - Type: bool - Default: `False` @@ -1973,6 +2052,7 @@ The flag that enables or disables a capability to have one or more managed data ### Parameter: `upgradePolicyMode` Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - You control the application of updates to virtual machines in the scale set. You do this by using the manualUpgrade action. ; Automatic - All virtual machines in the scale set are automatically updated at the same time. - Automatic, Manual, Rolling. + - Required: No - Type: string - Default: `'Manual'` @@ -1988,6 +2068,7 @@ Specifies the mode of an upgrade to virtual machines in the scale set.' Manual - ### Parameter: `vmNamePrefix` Specifies the computer name prefix for all of the virtual machines in the scale set. + - Required: No - Type: string - Default: `'vmssvm'` @@ -1995,6 +2076,7 @@ Specifies the computer name prefix for all of the virtual machines in the scale ### Parameter: `vmPriority` Specifies the priority for the virtual machine. + - Required: No - Type: string - Default: `'Regular'` @@ -2010,6 +2092,7 @@ Specifies the priority for the virtual machine. ### Parameter: `vTpmEnabled` Specifies whether vTPM should be enabled on the virtual machine scale set. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. + - Required: No - Type: bool - Default: `False` @@ -2017,6 +2100,7 @@ Specifies whether vTPM should be enabled on the virtual machine scale set. This ### Parameter: `winRM` Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. + - Required: No - Type: object - Default: `{}` @@ -2024,10 +2108,19 @@ Specifies the Windows Remote Management listeners. This enables remote Windows P ### Parameter: `zoneBalance` Whether to force strictly even Virtual Machine distribution cross x-zones in case there is zone outage. + - Required: No - Type: bool - Default: `False` +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. + +- Required: No +- Type: string +- Default: `[utcNow('u')]` + ## Outputs diff --git a/modules/compute/virtual-machine-scale-set/extension/README.md b/modules/compute/virtual-machine-scale-set/extension/README.md index 468af0d8f6..9053bdd926 100644 --- a/modules/compute/virtual-machine-scale-set/extension/README.md +++ b/modules/compute/virtual-machine-scale-set/extension/README.md @@ -47,18 +47,56 @@ This module deploys a Virtual Machine Scale Set Extension. ### Parameter: `autoUpgradeMinorVersion` Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. + - Required: Yes - Type: bool ### Parameter: `enableAutomaticUpgrade` Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. + - Required: Yes - Type: bool +### Parameter: `name` + +The name of the virtual machine scale set extension. + +- Required: Yes +- Type: string + +### Parameter: `publisher` + +The name of the extension handler publisher. + +- Required: Yes +- Type: string + +### Parameter: `type` + +Specifies the type of the extension; an example is "CustomScriptExtension". + +- Required: Yes +- Type: string + +### Parameter: `typeHandlerVersion` + +Specifies the version of the script handler. + +- Required: Yes +- Type: string + +### Parameter: `virtualMachineScaleSetName` + +The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -66,32 +104,23 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `forceUpdateTag` How the extension handler should be forced to update even if the extension configuration has not changed. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the virtual machine scale set extension. -- Required: Yes -- Type: string - ### Parameter: `protectedSettings` Any object that contains the extension specific protected settings. + - Required: No - Type: secureObject - Default: `{}` -### Parameter: `publisher` - -The name of the extension handler publisher. -- Required: Yes -- Type: string - ### Parameter: `settings` Any object that contains the extension specific settings. + - Required: No - Type: object - Default: `{}` @@ -99,28 +128,11 @@ Any object that contains the extension specific settings. ### Parameter: `supressFailures` Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. + - Required: No - Type: bool - Default: `False` -### Parameter: `type` - -Specifies the type of the extension; an example is "CustomScriptExtension". -- Required: Yes -- Type: string - -### Parameter: `typeHandlerVersion` - -Specifies the version of the script handler. -- Required: Yes -- Type: string - -### Parameter: `virtualMachineScaleSetName` - -The name of the parent virtual machine scale set that extension is provisioned for. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/compute/virtual-machine/README.md b/modules/compute/virtual-machine/README.md index 3f0e0fce12..b92ce4549a 100644 --- a/modules/compute/virtual-machine/README.md +++ b/modules/compute/virtual-machine/README.md @@ -33,15 +33,15 @@ The following section provides usage examples for the module, which were used to >**Note**: To reference the module, please use the following syntax `br:bicep/modules/compute.virtual-machine:1.0.0`. -- [Linux](#example-1-linux) -- [Linux.Atmg](#example-2-linuxatmg) -- [Linux.Min](#example-3-linuxmin) -- [Windows](#example-4-windows) -- [Windows.Atmg](#example-5-windowsatmg) -- [Windows.Min](#example-6-windowsmin) -- [Windows.Ssecmk](#example-7-windowsssecmk) +- [Linux.Atmg](#example-1-linuxatmg) +- [Linux.Min](#example-2-linuxmin) +- [Linux](#example-3-linux) +- [Windows.Atmg](#example-4-windowsatmg) +- [Windows.Min](#example-5-windowsmin) +- [Windows.Ssecmk](#example-6-windowsssecmk) +- [Windows](#example-7-windows) -### Example 1: _Linux_ +### Example 1: _Linux.Atmg_
@@ -49,69 +49,28 @@ The following section provides usage examples for the module, which were used to ```bicep module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmlincom' + name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg' params: { // Required parameters - adminUsername: 'localAdministrator' + adminUsername: 'localAdminUser' imageReference: { - offer: '0001-com-ubuntu-server-focal' + offer: '0001-com-ubuntu-server-jammy' publisher: 'Canonical' - sku: '' + sku: '22_04-lts-gen2' version: 'latest' } nicConfigurations: [ { - deleteOption: 'Delete' - diagnosticSettings: [ - { - eventHubAuthorizationRuleResourceId: '' - eventHubName: '' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - name: 'customSetting' - storageAccountResourceId: '' - workspaceResourceId: '' - } - ] ipConfigurations: [ { - applicationSecurityGroups: [ - { - id: '' - } - ] - diagnosticSettings: [ - { - eventHubAuthorizationRuleResourceId: '' - eventHubName: '' - metricCategories: [ - { - category: 'AllMetrics' - } - ] - name: 'customSetting' - storageAccountResourceId: '' - workspaceResourceId: '' - } - ] - loadBalancerBackendAddressPools: [ - { - id: '' - } - ] name: 'ipconfig01' pipConfiguration: { publicIpNameSuffix: '-pip-01' - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } subnetResourceId: '' zones: [ @@ -122,19 +81,14 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } ] nicSuffix: '-nic-01' - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Reader' - } - ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } ] osDisk: { - caching: 'ReadOnly' - createOption: 'fromImage' - deleteOption: 'Delete' diskSizeGB: '128' managedDisk: { storageAccountType: 'Premium_LRS' @@ -143,145 +97,15 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { osType: 'Linux' vmSize: 'Standard_DS2_v2' // Non-required parameters - availabilityZone: 1 - backupPolicyName: '' - backupVaultName: '' - backupVaultResourceGroup: '' - computerName: 'linvm1' - dataDisks: [ - { - caching: 'ReadWrite' - createOption: 'Empty' - deleteOption: 'Delete' - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - { - caching: 'ReadWrite' - createOption: 'Empty' - deleteOption: 'Delete' - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - ] + configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' disablePasswordAuthentication: true - enableAutomaticUpdates: true enableDefaultTelemetry: '' - encryptionAtHost: false - extensionAadJoinConfig: { - enabled: true - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - extensionAzureDiskEncryptionConfig: { - enabled: true - settings: { - EncryptionOperation: 'EnableEncryption' - KekVaultResourceId: '' - KeyEncryptionAlgorithm: 'RSA-OAEP' - KeyEncryptionKeyURL: '' - KeyVaultResourceId: '' - KeyVaultURL: '' - ResizeOSDisk: 'false' - VolumeType: 'All' - } - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - extensionCustomScriptConfig: { - enabled: true - fileData: [ - { - storageAccountId: '' - uri: '' - } - ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - extensionCustomScriptProtectedSetting: { - commandToExecute: '' - } - extensionDependencyAgentConfig: { - enabled: true - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - extensionDSCConfig: { - enabled: false - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - extensionMonitoringAgentConfig: { - enabled: true - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } - extensionNetworkWatcherAgentConfig: { - enabled: true - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } location: '' - lock: { - kind: 'CanNotDelete' - name: 'myCustomLockName' - } - managedIdentities: { - systemAssigned: true - userAssignedResourceIds: [ - '' - ] - } - monitoringWorkspaceId: '' - name: 'cvmlincom' - patchMode: 'AutomaticByPlatform' + name: 'cvmlinatmg' publicKeys: [ { keyData: '' - path: '/home/localAdministrator/.ssh/authorized_keys' - } - ] - roleAssignments: [ - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'Owner' - } - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' - } - { - principalId: '' - principalType: 'ServicePrincipal' - roleDefinitionIdOrName: '' + path: '/home/localAdminUser/.ssh/authorized_keys' } ] tags: { @@ -307,70 +131,29 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "parameters": { // Required parameters "adminUsername": { - "value": "localAdministrator" + "value": "localAdminUser" }, "imageReference": { "value": { - "offer": "0001-com-ubuntu-server-focal", + "offer": "0001-com-ubuntu-server-jammy", "publisher": "Canonical", - "sku": "", + "sku": "22_04-lts-gen2", "version": "latest" } }, "nicConfigurations": { "value": [ { - "deleteOption": "Delete", - "diagnosticSettings": [ - { - "eventHubAuthorizationRuleResourceId": "", - "eventHubName": "", - "metricCategories": [ - { - "category": "AllMetrics" - } - ], - "name": "customSetting", - "storageAccountResourceId": "", - "workspaceResourceId": "" - } - ], "ipConfigurations": [ { - "applicationSecurityGroups": [ - { - "id": "" - } - ], - "diagnosticSettings": [ - { - "eventHubAuthorizationRuleResourceId": "", - "eventHubName": "", - "metricCategories": [ - { - "category": "AllMetrics" - } - ], - "name": "customSetting", - "storageAccountResourceId": "", - "workspaceResourceId": "" - } - ], - "loadBalancerBackendAddressPools": [ - { - "id": "" - } - ], "name": "ipconfig01", "pipConfiguration": { "publicIpNameSuffix": "-pip-01", - "roleAssignments": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } }, "subnetResourceId": "", "zones": [ @@ -381,21 +164,16 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } ], "nicSuffix": "-nic-01", - "roleAssignments": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Reader" - } - ] + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } } ] }, "osDisk": { "value": { - "caching": "ReadOnly", - "createOption": "fromImage", - "deleteOption": "Delete", "diskSizeGB": "128", "managedDisk": { "storageAccountType": "Premium_LRS" @@ -409,196 +187,26 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "Standard_DS2_v2" }, // Non-required parameters - "availabilityZone": { - "value": 1 - }, - "backupPolicyName": { - "value": "" - }, - "backupVaultName": { - "value": "" - }, - "backupVaultResourceGroup": { - "value": "" - }, - "computerName": { - "value": "linvm1" - }, - "dataDisks": { - "value": [ - { - "caching": "ReadWrite", - "createOption": "Empty", - "deleteOption": "Delete", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - }, - { - "caching": "ReadWrite", - "createOption": "Empty", - "deleteOption": "Delete", - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - ] + "configurationProfile": { + "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" }, "disablePasswordAuthentication": { "value": true }, - "enableAutomaticUpdates": { - "value": true - }, "enableDefaultTelemetry": { "value": "" }, - "encryptionAtHost": { - "value": false - }, - "extensionAadJoinConfig": { - "value": { - "enabled": true, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionAzureDiskEncryptionConfig": { - "value": { - "enabled": true, - "settings": { - "EncryptionOperation": "EnableEncryption", - "KekVaultResourceId": "", - "KeyEncryptionAlgorithm": "RSA-OAEP", - "KeyEncryptionKeyURL": "", - "KeyVaultResourceId": "", - "KeyVaultURL": "", - "ResizeOSDisk": "false", - "VolumeType": "All" - }, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionCustomScriptConfig": { - "value": { - "enabled": true, - "fileData": [ - { - "storageAccountId": "", - "uri": "" - } - ], - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionCustomScriptProtectedSetting": { - "value": { - "commandToExecute": "" - } - }, - "extensionDependencyAgentConfig": { - "value": { - "enabled": true, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionDSCConfig": { - "value": { - "enabled": false, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionMonitoringAgentConfig": { - "value": { - "enabled": true, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionNetworkWatcherAgentConfig": { - "value": { - "enabled": true, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, "location": { "value": "" }, - "lock": { - "value": { - "kind": "CanNotDelete", - "name": "myCustomLockName" - } - }, - "managedIdentities": { - "value": { - "systemAssigned": true, - "userAssignedResourceIds": [ - "" - ] - } - }, - "monitoringWorkspaceId": { - "value": "" - }, "name": { - "value": "cvmlincom" - }, - "patchMode": { - "value": "AutomaticByPlatform" + "value": "cvmlinatmg" }, "publicKeys": { "value": [ { "keyData": "", - "path": "/home/localAdministrator/.ssh/authorized_keys" - } - ] - }, - "roleAssignments": { - "value": [ - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "Owner" - }, - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" - }, - { - "principalId": "", - "principalType": "ServicePrincipal", - "roleDefinitionIdOrName": "" + "path": "/home/localAdminUser/.ssh/authorized_keys" } ] }, @@ -616,7 +224,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {

-### Example 2: _Linux.Atmg_ +### Example 2: _Linux.Min_

@@ -624,7 +232,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { ```bicep module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmlinatmg' + name: '${uniqueString(deployment().name, location)}-test-cvmlinmin' params: { // Required parameters adminUsername: 'localAdminUser' @@ -641,26 +249,11 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { name: 'ipconfig01' pipConfiguration: { publicIpNameSuffix: '-pip-01' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } subnetResourceId: '' - zones: [ - '1' - '2' - '3' - ] } ] nicSuffix: '-nic-01' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } ] osDisk: { @@ -672,22 +265,16 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { osType: 'Linux' vmSize: 'Standard_DS2_v2' // Non-required parameters - configurationProfile: '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' disablePasswordAuthentication: true enableDefaultTelemetry: '' location: '' - name: 'cvmlinatmg' + name: 'cvmlinmin' publicKeys: [ { keyData: '' path: '/home/localAdminUser/.ssh/authorized_keys' } ] - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } } } ``` @@ -723,27 +310,12 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { { "name": "ipconfig01", "pipConfiguration": { - "publicIpNameSuffix": "-pip-01", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } + "publicIpNameSuffix": "-pip-01" }, - "subnetResourceId": "", - "zones": [ - "1", - "2", - "3" - ] + "subnetResourceId": "" } ], - "nicSuffix": "-nic-01", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } + "nicSuffix": "-nic-01" } ] }, @@ -762,9 +334,6 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "Standard_DS2_v2" }, // Non-required parameters - "configurationProfile": { - "value": "/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction" - }, "disablePasswordAuthentication": { "value": true }, @@ -775,7 +344,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "" }, "name": { - "value": "cvmlinatmg" + "value": "cvmlinmin" }, "publicKeys": { "value": [ @@ -784,13 +353,6 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "path": "/home/localAdminUser/.ssh/authorized_keys" } ] - }, - "tags": { - "value": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } } } } @@ -799,7 +361,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {

-### Example 3: _Linux.Min_ +### Example 3: _Linux_

@@ -807,151 +369,14 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { ```bicep module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmlinmin' + name: '${uniqueString(deployment().name, location)}-test-cvmlincom' params: { // Required parameters - adminUsername: 'localAdminUser' + adminUsername: 'localAdministrator' imageReference: { - offer: '0001-com-ubuntu-server-jammy' + offer: '0001-com-ubuntu-server-focal' publisher: 'Canonical' - sku: '22_04-lts-gen2' - version: 'latest' - } - nicConfigurations: [ - { - ipConfigurations: [ - { - name: 'ipconfig01' - pipConfiguration: { - publicIpNameSuffix: '-pip-01' - } - subnetResourceId: '' - } - ] - nicSuffix: '-nic-01' - } - ] - osDisk: { - diskSizeGB: '128' - managedDisk: { - storageAccountType: 'Premium_LRS' - } - } - osType: 'Linux' - vmSize: 'Standard_DS2_v2' - // Non-required parameters - disablePasswordAuthentication: true - enableDefaultTelemetry: '' - location: '' - name: 'cvmlinmin' - publicKeys: [ - { - keyData: '' - path: '/home/localAdminUser/.ssh/authorized_keys' - } - ] - } -} -``` - -
-

- -

- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - // Required parameters - "adminUsername": { - "value": "localAdminUser" - }, - "imageReference": { - "value": { - "offer": "0001-com-ubuntu-server-jammy", - "publisher": "Canonical", - "sku": "22_04-lts-gen2", - "version": "latest" - } - }, - "nicConfigurations": { - "value": [ - { - "ipConfigurations": [ - { - "name": "ipconfig01", - "pipConfiguration": { - "publicIpNameSuffix": "-pip-01" - }, - "subnetResourceId": "" - } - ], - "nicSuffix": "-nic-01" - } - ] - }, - "osDisk": { - "value": { - "diskSizeGB": "128", - "managedDisk": { - "storageAccountType": "Premium_LRS" - } - } - }, - "osType": { - "value": "Linux" - }, - "vmSize": { - "value": "Standard_DS2_v2" - }, - // Non-required parameters - "disablePasswordAuthentication": { - "value": true - }, - "enableDefaultTelemetry": { - "value": "" - }, - "location": { - "value": "" - }, - "name": { - "value": "cvmlinmin" - }, - "publicKeys": { - "value": [ - { - "keyData": "", - "path": "/home/localAdminUser/.ssh/authorized_keys" - } - ] - } - } -} -``` - -
-

- -### Example 4: _Windows_ - -

- -via Bicep module - -```bicep -module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { - name: '${uniqueString(deployment().name, location)}-test-cvmwincom' - params: { - // Required parameters - adminUsername: 'VMAdmin' - imageReference: { - offer: 'WindowsServer' - publisher: 'MicrosoftWindowsServer' - sku: '2019-datacenter' + sku: '' version: 'latest' } nicConfigurations: [ @@ -1027,7 +452,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } ] osDisk: { - caching: 'None' + caching: 'ReadOnly' createOption: 'fromImage' deleteOption: 'Delete' diskSizeGB: '128' @@ -1035,18 +460,17 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { storageAccountType: 'Premium_LRS' } } - osType: 'Windows' + osType: 'Linux' vmSize: 'Standard_DS2_v2' // Non-required parameters - adminPassword: '' - availabilityZone: 2 + availabilityZone: 1 backupPolicyName: '' backupVaultName: '' backupVaultResourceGroup: '' - computerName: 'winvm1' + computerName: 'linvm1' dataDisks: [ { - caching: 'None' + caching: 'ReadWrite' createOption: 'Empty' deleteOption: 'Delete' diskSizeGB: '128' @@ -1055,7 +479,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } } { - caching: 'None' + caching: 'ReadWrite' createOption: 'Empty' deleteOption: 'Delete' diskSizeGB: '128' @@ -1064,6 +488,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } } ] + disablePasswordAuthentication: true enableAutomaticUpdates: true enableDefaultTelemetry: '' encryptionAtHost: false @@ -1075,29 +500,6 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { Role: 'DeploymentValidation' } } - extensionAntiMalwareConfig: { - enabled: true - settings: { - AntimalwareEnabled: 'true' - Exclusions: { - Extensions: '.ext1;.ext2' - Paths: 'c:\\excluded-path-1;c:\\excluded-path-2' - Processes: 'excludedproc1.exe;excludedproc2.exe' - } - RealtimeProtectionEnabled: 'true' - ScheduledScanSettings: { - day: '7' - isEnabled: 'true' - scanType: 'Quick' - time: '120' - } - } - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } - } extensionAzureDiskEncryptionConfig: { enabled: true settings: { @@ -1108,13 +510,13 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { KeyVaultResourceId: '' KeyVaultURL: '' ResizeOSDisk: 'false' - tags: { - Environment: 'Non-Prod' - 'hidden-title': 'This is visible in the resource name' - Role: 'DeploymentValidation' - } VolumeType: 'All' } + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } } extensionCustomScriptConfig: { enabled: true @@ -1142,7 +544,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } } extensionDSCConfig: { - enabled: true + enabled: false tags: { Environment: 'Non-Prod' 'hidden-title': 'This is visible in the resource name' @@ -1177,9 +579,14 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { ] } monitoringWorkspaceId: '' - name: 'cvmwincom' + name: 'cvmlincom' patchMode: 'AutomaticByPlatform' - proximityPlacementGroupResourceId: '' + publicKeys: [ + { + keyData: '' + path: '/home/localAdministrator/.ssh/authorized_keys' + } + ] roleAssignments: [ { principalId: '' @@ -1220,13 +627,13 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "parameters": { // Required parameters "adminUsername": { - "value": "VMAdmin" + "value": "localAdministrator" }, "imageReference": { "value": { - "offer": "WindowsServer", - "publisher": "MicrosoftWindowsServer", - "sku": "2019-datacenter", + "offer": "0001-com-ubuntu-server-focal", + "publisher": "Canonical", + "sku": "", "version": "latest" } }, @@ -1306,7 +713,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { }, "osDisk": { "value": { - "caching": "None", + "caching": "ReadOnly", "createOption": "fromImage", "deleteOption": "Delete", "diskSizeGB": "128", @@ -1316,17 +723,14 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } }, "osType": { - "value": "Windows" + "value": "Linux" }, "vmSize": { "value": "Standard_DS2_v2" }, // Non-required parameters - "adminPassword": { - "value": "" - }, "availabilityZone": { - "value": 2 + "value": 1 }, "backupPolicyName": { "value": "" @@ -1338,12 +742,12 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "" }, "computerName": { - "value": "winvm1" + "value": "linvm1" }, "dataDisks": { "value": [ { - "caching": "None", + "caching": "ReadWrite", "createOption": "Empty", "deleteOption": "Delete", "diskSizeGB": "128", @@ -1352,7 +756,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } }, { - "caching": "None", + "caching": "ReadWrite", "createOption": "Empty", "deleteOption": "Delete", "diskSizeGB": "128", @@ -1362,6 +766,9 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } ] }, + "disablePasswordAuthentication": { + "value": true + }, "enableAutomaticUpdates": { "value": true }, @@ -1381,32 +788,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } } }, - "extensionAntiMalwareConfig": { - "value": { - "enabled": true, - "settings": { - "AntimalwareEnabled": "true", - "Exclusions": { - "Extensions": ".ext1;.ext2", - "Paths": "c:\\excluded-path-1;c:\\excluded-path-2", - "Processes": "excludedproc1.exe;excludedproc2.exe" - }, - "RealtimeProtectionEnabled": "true", - "ScheduledScanSettings": { - "day": "7", - "isEnabled": "true", - "scanType": "Quick", - "time": "120" - } - }, - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - } - } - }, - "extensionAzureDiskEncryptionConfig": { + "extensionAzureDiskEncryptionConfig": { "value": { "enabled": true, "settings": { @@ -1417,12 +799,12 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "KeyVaultResourceId": "", "KeyVaultURL": "", "ResizeOSDisk": "false", - "tags": { - "Environment": "Non-Prod", - "hidden-title": "This is visible in the resource name", - "Role": "DeploymentValidation" - }, "VolumeType": "All" + }, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" } } }, @@ -1459,7 +841,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { }, "extensionDSCConfig": { "value": { - "enabled": true, + "enabled": false, "tags": { "Environment": "Non-Prod", "hidden-title": "This is visible in the resource name", @@ -1508,13 +890,18 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { "value": "" }, "name": { - "value": "cvmwincom" + "value": "cvmlincom" }, "patchMode": { "value": "AutomaticByPlatform" }, - "proximityPlacementGroupResourceId": { - "value": "" + "publicKeys": { + "value": [ + { + "keyData": "", + "path": "/home/localAdministrator/.ssh/authorized_keys" + } + ] }, "roleAssignments": { "value": [ @@ -1549,7 +936,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {

-### Example 5: _Windows.Atmg_ +### Example 4: _Windows.Atmg_

@@ -1682,7 +1069,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {

-### Example 6: _Windows.Min_ +### Example 5: _Windows.Min_

@@ -1799,7 +1186,7 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = {

-### Example 7: _Windows.Ssecmk_ +### Example 6: _Windows.Ssecmk_

@@ -1935,15 +1322,628 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { } ] }, - "enableDefaultTelemetry": { - "value": "" - }, - "location": { - "value": "" - }, - "name": { - "value": "cvmwincmk" - }, + "enableDefaultTelemetry": { + "value": "" + }, + "location": { + "value": "" + }, + "name": { + "value": "cvmwincmk" + }, + "tags": { + "value": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + } +} +``` + +
+

+ +### Example 7: _Windows_ + +

+ +via Bicep module + +```bicep +module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { + name: '${uniqueString(deployment().name, location)}-test-cvmwincom' + params: { + // Required parameters + adminUsername: 'VMAdmin' + imageReference: { + offer: 'WindowsServer' + publisher: 'MicrosoftWindowsServer' + sku: '2019-datacenter' + version: 'latest' + } + nicConfigurations: [ + { + deleteOption: 'Delete' + diagnosticSettings: [ + { + eventHubAuthorizationRuleResourceId: '' + eventHubName: '' + metricCategories: [ + { + category: 'AllMetrics' + } + ] + name: 'customSetting' + storageAccountResourceId: '' + workspaceResourceId: '' + } + ] + ipConfigurations: [ + { + applicationSecurityGroups: [ + { + id: '' + } + ] + diagnosticSettings: [ + { + eventHubAuthorizationRuleResourceId: '' + eventHubName: '' + metricCategories: [ + { + category: 'AllMetrics' + } + ] + name: 'customSetting' + storageAccountResourceId: '' + workspaceResourceId: '' + } + ] + loadBalancerBackendAddressPools: [ + { + id: '' + } + ] + name: 'ipconfig01' + pipConfiguration: { + publicIpNameSuffix: '-pip-01' + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + } + subnetResourceId: '' + zones: [ + '1' + '2' + '3' + ] + } + ] + nicSuffix: '-nic-01' + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Reader' + } + ] + } + ] + osDisk: { + caching: 'None' + createOption: 'fromImage' + deleteOption: 'Delete' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + osType: 'Windows' + vmSize: 'Standard_DS2_v2' + // Non-required parameters + adminPassword: '' + availabilityZone: 2 + backupPolicyName: '' + backupVaultName: '' + backupVaultResourceGroup: '' + computerName: 'winvm1' + dataDisks: [ + { + caching: 'None' + createOption: 'Empty' + deleteOption: 'Delete' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + { + caching: 'None' + createOption: 'Empty' + deleteOption: 'Delete' + diskSizeGB: '128' + managedDisk: { + storageAccountType: 'Premium_LRS' + } + } + ] + enableAutomaticUpdates: true + enableDefaultTelemetry: '' + encryptionAtHost: false + extensionAadJoinConfig: { + enabled: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + extensionAntiMalwareConfig: { + enabled: true + settings: { + AntimalwareEnabled: 'true' + Exclusions: { + Extensions: '.ext1;.ext2' + Paths: 'c:\\excluded-path-1;c:\\excluded-path-2' + Processes: 'excludedproc1.exe;excludedproc2.exe' + } + RealtimeProtectionEnabled: 'true' + ScheduledScanSettings: { + day: '7' + isEnabled: 'true' + scanType: 'Quick' + time: '120' + } + } + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + extensionAzureDiskEncryptionConfig: { + enabled: true + settings: { + EncryptionOperation: 'EnableEncryption' + KekVaultResourceId: '' + KeyEncryptionAlgorithm: 'RSA-OAEP' + KeyEncryptionKeyURL: '' + KeyVaultResourceId: '' + KeyVaultURL: '' + ResizeOSDisk: 'false' + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + VolumeType: 'All' + } + } + extensionCustomScriptConfig: { + enabled: true + fileData: [ + { + storageAccountId: '' + uri: '' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + extensionCustomScriptProtectedSetting: { + commandToExecute: '' + } + extensionDependencyAgentConfig: { + enabled: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + extensionDSCConfig: { + enabled: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + extensionMonitoringAgentConfig: { + enabled: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + extensionNetworkWatcherAgentConfig: { + enabled: true + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } + location: '' + lock: { + kind: 'CanNotDelete' + name: 'myCustomLockName' + } + managedIdentities: { + systemAssigned: true + userAssignedResourceIds: [ + '' + ] + } + monitoringWorkspaceId: '' + name: 'cvmwincom' + patchMode: 'AutomaticByPlatform' + proximityPlacementGroupResourceId: '' + roleAssignments: [ + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'Owner' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: 'b24988ac-6180-42a0-ab88-20f7382dd24c' + } + { + principalId: '' + principalType: 'ServicePrincipal' + roleDefinitionIdOrName: '' + } + ] + tags: { + Environment: 'Non-Prod' + 'hidden-title': 'This is visible in the resource name' + Role: 'DeploymentValidation' + } + } +} +``` + +
+

+ +

+ +via JSON Parameter file + +```json +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", + "contentVersion": "1.0.0.0", + "parameters": { + // Required parameters + "adminUsername": { + "value": "VMAdmin" + }, + "imageReference": { + "value": { + "offer": "WindowsServer", + "publisher": "MicrosoftWindowsServer", + "sku": "2019-datacenter", + "version": "latest" + } + }, + "nicConfigurations": { + "value": [ + { + "deleteOption": "Delete", + "diagnosticSettings": [ + { + "eventHubAuthorizationRuleResourceId": "", + "eventHubName": "", + "metricCategories": [ + { + "category": "AllMetrics" + } + ], + "name": "customSetting", + "storageAccountResourceId": "", + "workspaceResourceId": "" + } + ], + "ipConfigurations": [ + { + "applicationSecurityGroups": [ + { + "id": "" + } + ], + "diagnosticSettings": [ + { + "eventHubAuthorizationRuleResourceId": "", + "eventHubName": "", + "metricCategories": [ + { + "category": "AllMetrics" + } + ], + "name": "customSetting", + "storageAccountResourceId": "", + "workspaceResourceId": "" + } + ], + "loadBalancerBackendAddressPools": [ + { + "id": "" + } + ], + "name": "ipconfig01", + "pipConfiguration": { + "publicIpNameSuffix": "-pip-01", + "roleAssignments": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + }, + "subnetResourceId": "", + "zones": [ + "1", + "2", + "3" + ] + } + ], + "nicSuffix": "-nic-01", + "roleAssignments": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Reader" + } + ] + } + ] + }, + "osDisk": { + "value": { + "caching": "None", + "createOption": "fromImage", + "deleteOption": "Delete", + "diskSizeGB": "128", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } + } + }, + "osType": { + "value": "Windows" + }, + "vmSize": { + "value": "Standard_DS2_v2" + }, + // Non-required parameters + "adminPassword": { + "value": "" + }, + "availabilityZone": { + "value": 2 + }, + "backupPolicyName": { + "value": "" + }, + "backupVaultName": { + "value": "" + }, + "backupVaultResourceGroup": { + "value": "" + }, + "computerName": { + "value": "winvm1" + }, + "dataDisks": { + "value": [ + { + "caching": "None", + "createOption": "Empty", + "deleteOption": "Delete", + "diskSizeGB": "128", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } + }, + { + "caching": "None", + "createOption": "Empty", + "deleteOption": "Delete", + "diskSizeGB": "128", + "managedDisk": { + "storageAccountType": "Premium_LRS" + } + } + ] + }, + "enableAutomaticUpdates": { + "value": true + }, + "enableDefaultTelemetry": { + "value": "" + }, + "encryptionAtHost": { + "value": false + }, + "extensionAadJoinConfig": { + "value": { + "enabled": true, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "extensionAntiMalwareConfig": { + "value": { + "enabled": true, + "settings": { + "AntimalwareEnabled": "true", + "Exclusions": { + "Extensions": ".ext1;.ext2", + "Paths": "c:\\excluded-path-1;c:\\excluded-path-2", + "Processes": "excludedproc1.exe;excludedproc2.exe" + }, + "RealtimeProtectionEnabled": "true", + "ScheduledScanSettings": { + "day": "7", + "isEnabled": "true", + "scanType": "Quick", + "time": "120" + } + }, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "extensionAzureDiskEncryptionConfig": { + "value": { + "enabled": true, + "settings": { + "EncryptionOperation": "EnableEncryption", + "KekVaultResourceId": "", + "KeyEncryptionAlgorithm": "RSA-OAEP", + "KeyEncryptionKeyURL": "", + "KeyVaultResourceId": "", + "KeyVaultURL": "", + "ResizeOSDisk": "false", + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + }, + "VolumeType": "All" + } + } + }, + "extensionCustomScriptConfig": { + "value": { + "enabled": true, + "fileData": [ + { + "storageAccountId": "", + "uri": "" + } + ], + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "extensionCustomScriptProtectedSetting": { + "value": { + "commandToExecute": "" + } + }, + "extensionDependencyAgentConfig": { + "value": { + "enabled": true, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "extensionDSCConfig": { + "value": { + "enabled": true, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "extensionMonitoringAgentConfig": { + "value": { + "enabled": true, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "extensionNetworkWatcherAgentConfig": { + "value": { + "enabled": true, + "tags": { + "Environment": "Non-Prod", + "hidden-title": "This is visible in the resource name", + "Role": "DeploymentValidation" + } + } + }, + "location": { + "value": "" + }, + "lock": { + "value": { + "kind": "CanNotDelete", + "name": "myCustomLockName" + } + }, + "managedIdentities": { + "value": { + "systemAssigned": true, + "userAssignedResourceIds": [ + "" + ] + } + }, + "monitoringWorkspaceId": { + "value": "" + }, + "name": { + "value": "cvmwincom" + }, + "patchMode": { + "value": "AutomaticByPlatform" + }, + "proximityPlacementGroupResourceId": { + "value": "" + }, + "roleAssignments": { + "value": [ + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "Owner" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "b24988ac-6180-42a0-ab88-20f7382dd24c" + }, + { + "principalId": "", + "principalType": "ServicePrincipal", + "roleDefinitionIdOrName": "" + } + ] + }, "tags": { "value": { "Environment": "Non-Prod", @@ -2039,9 +2039,75 @@ module virtualMachine 'br:bicep/modules/compute.virtual-machine:1.0.0' = { | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | +### Parameter: `adminUsername` + +Administrator username. + +- Required: Yes +- Type: securestring + +### Parameter: `configurationProfile` + +The configuration profile of automanage. + +- Required: No +- Type: string +- Default: `''` +- Allowed: + ```Bicep + [ + '' + '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' + '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' + ] + ``` + +### Parameter: `imageReference` + +OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. + +- Required: Yes +- Type: object + +### Parameter: `nicConfigurations` + +Configures NICs and PIPs. + +- Required: Yes +- Type: array + +### Parameter: `osDisk` + +Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. + +- Required: Yes +- Type: object + +### Parameter: `osType` + +The chosen OS type. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Linux' + 'Windows' + ] + ``` + +### Parameter: `vmSize` + +Specifies the size for the VMs. + +- Required: Yes +- Type: string + ### Parameter: `additionalUnattendContent` Specifies additional base-64 encoded XML formatted information that can be included in the Unattend.xml file, which is used by Windows Setup. - AdditionalUnattendContent object. + - Required: No - Type: array - Default: `[]` @@ -2049,19 +2115,15 @@ Specifies additional base-64 encoded XML formatted information that can be inclu ### Parameter: `adminPassword` When specifying a Windows Virtual Machine, this value should be passed. + - Required: No - Type: securestring - Default: `''` -### Parameter: `adminUsername` - -Administrator username. -- Required: Yes -- Type: securestring - ### Parameter: `allowExtensionOperations` Specifies whether extension operations should be allowed on the virtual machine. This may only be set to False when no extensions are present on the virtual machine. + - Required: No - Type: bool - Default: `True` @@ -2069,6 +2131,7 @@ Specifies whether extension operations should be allowed on the virtual machine. ### Parameter: `availabilitySetResourceId` Resource ID of an availability set. Cannot be used in combination with availability zone nor scale set. + - Required: No - Type: string - Default: `''` @@ -2076,6 +2139,7 @@ Resource ID of an availability set. Cannot be used in combination with availabil ### Parameter: `availabilityZone` If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that value. If zero, then availability zones is not used. Cannot be used in combination with availability set nor scale set. + - Required: No - Type: int - Default: `0` @@ -2092,6 +2156,7 @@ If set to 1, 2 or 3, the availability zone for all VMs is hardcoded to that valu ### Parameter: `backupPolicyName` Backup policy the VMs should be using for backup. If not provided, it will use the DefaultPolicy from the backup recovery service vault. + - Required: No - Type: string - Default: `'DefaultPolicy'` @@ -2099,6 +2164,7 @@ Backup policy the VMs should be using for backup. If not provided, it will use t ### Parameter: `backupVaultName` Recovery service vault name to add VMs to backup. + - Required: No - Type: string - Default: `''` @@ -2106,20 +2172,15 @@ Recovery service vault name to add VMs to backup. ### Parameter: `backupVaultResourceGroup` Resource group of the backup recovery service vault. If not provided the current resource group name is considered by default. -- Required: No -- Type: string -- Default: `[resourceGroup().name]` - -### Parameter: `baseTime` -Do not provide a value! This date value is used to generate a registration token. - Required: No - Type: string -- Default: `[utcNow('u')]` +- Default: `[resourceGroup().name]` ### Parameter: `bootDiagnostics` Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnostics will be enabled with a managed storage account if no bootDiagnosticsStorageAccountName value is provided. If bootDiagnostics and bootDiagnosticsStorageAccountName values are not provided, boot diagnostics will be disabled. + - Required: No - Type: bool - Default: `False` @@ -2127,6 +2188,7 @@ Whether boot diagnostics should be enabled on the Virtual Machine. Boot diagnost ### Parameter: `bootDiagnosticStorageAccountName` Custom storage account used to store boot diagnostic information. Boot diagnostics will be enabled with a custom storage account if a value is provided. + - Required: No - Type: string - Default: `''` @@ -2134,6 +2196,7 @@ Custom storage account used to store boot diagnostic information. Boot diagnosti ### Parameter: `bootDiagnosticStorageAccountUri` Storage account boot diagnostic base URI. + - Required: No - Type: string - Default: `[format('.blob.{0}/', environment().suffixes.storage)]` @@ -2141,6 +2204,7 @@ Storage account boot diagnostic base URI. ### Parameter: `certificatesToBeInstalled` Specifies set of certificates that should be installed onto the virtual machine. + - Required: No - Type: array - Default: `[]` @@ -2148,28 +2212,15 @@ Specifies set of certificates that should be installed onto the virtual machine. ### Parameter: `computerName` Can be used if the computer name needs to be different from the Azure VM resource name. If not used, the resource name will be used as computer name. -- Required: No -- Type: string -- Default: `[parameters('name')]` - -### Parameter: `configurationProfile` -The configuration profile of automanage. - Required: No - Type: string -- Default: `''` -- Allowed: - ```Bicep - [ - '' - '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesDevTest' - '/providers/Microsoft.Automanage/bestPractices/AzureBestPracticesProduction' - ] - ``` +- Default: `[parameters('name')]` ### Parameter: `customData` Custom data associated to the VM, this value will be automatically converted into base64 to account for the expected VM format. + - Required: No - Type: string - Default: `''` @@ -2177,6 +2228,7 @@ Custom data associated to the VM, this value will be automatically converted int ### Parameter: `dataDisks` Specifies the data disks. For security reasons, it is recommended to specify DiskEncryptionSet into the dataDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. + - Required: No - Type: array - Default: `[]` @@ -2184,6 +2236,7 @@ Specifies the data disks. For security reasons, it is recommended to specify Dis ### Parameter: `dedicatedHostId` Specifies resource ID about the dedicated host that the virtual machine resides in. + - Required: No - Type: string - Default: `''` @@ -2191,6 +2244,7 @@ Specifies resource ID about the dedicated host that the virtual machine resides ### Parameter: `disablePasswordAuthentication` Specifies whether password authentication should be disabled. + - Required: No - Type: bool - Default: `False` @@ -2198,6 +2252,7 @@ Specifies whether password authentication should be disabled. ### Parameter: `enableAutomaticUpdates` Indicates whether Automatic Updates is enabled for the Windows virtual machine. Default value is true. When patchMode is set to Manual, this parameter must be set to false. For virtual machine scale sets, this property can be updated and updates will take effect on OS reprovisioning. + - Required: No - Type: bool - Default: `True` @@ -2205,6 +2260,7 @@ Indicates whether Automatic Updates is enabled for the Windows virtual machine. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -2212,6 +2268,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableEvictionPolicy` Specifies the eviction policy for the low priority virtual machine. Will result in 'Deallocate' eviction policy. + - Required: No - Type: bool - Default: `False` @@ -2219,6 +2276,7 @@ Specifies the eviction policy for the low priority virtual machine. Will result ### Parameter: `encryptionAtHost` This property can be used by user in the request to enable or disable the Host Encryption for the virtual machine. This will enable the encryption for all the disks including Resource/Temp disk at host itself. For security reasons, it is recommended to set encryptionAtHost to True. Restrictions: Cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. + - Required: No - Type: bool - Default: `True` @@ -2226,6 +2284,7 @@ This property can be used by user in the request to enable or disable the Host E ### Parameter: `extensionAadJoinConfig` The configuration for the [AAD Join] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2238,6 +2297,7 @@ The configuration for the [AAD Join] extension. Must at least contain the ["enab ### Parameter: `extensionAntiMalwareConfig` The configuration for the [Anti Malware] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2250,6 +2310,7 @@ The configuration for the [Anti Malware] extension. Must at least contain the [" ### Parameter: `extensionAzureDiskEncryptionConfig` The configuration for the [Azure Disk Encryption] extension. Must at least contain the ["enabled": true] property to be executed. Restrictions: Cannot be enabled on disks that have encryption at host enabled. Managed disks encrypted using Azure Disk Encryption cannot be encrypted using customer-managed keys. + - Required: No - Type: object - Default: @@ -2262,6 +2323,7 @@ The configuration for the [Azure Disk Encryption] extension. Must at least conta ### Parameter: `extensionCustomScriptConfig` The configuration for the [Custom Script] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2275,6 +2337,7 @@ The configuration for the [Custom Script] extension. Must at least contain the [ ### Parameter: `extensionCustomScriptProtectedSetting` Any object that contains the extension specific protected settings. + - Required: No - Type: secureObject - Default: `{}` @@ -2282,6 +2345,7 @@ Any object that contains the extension specific protected settings. ### Parameter: `extensionDependencyAgentConfig` The configuration for the [Dependency Agent] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2294,6 +2358,7 @@ The configuration for the [Dependency Agent] extension. Must at least contain th ### Parameter: `extensionDomainJoinConfig` The configuration for the [Domain Join] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2306,6 +2371,7 @@ The configuration for the [Domain Join] extension. Must at least contain the ["e ### Parameter: `extensionDomainJoinPassword` Required if name is specified. Password of the user specified in user parameter. + - Required: No - Type: securestring - Default: `''` @@ -2313,6 +2379,7 @@ Required if name is specified. Password of the user specified in user parameter. ### Parameter: `extensionDSCConfig` The configuration for the [Desired State Configuration] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2325,6 +2392,7 @@ The configuration for the [Desired State Configuration] extension. Must at least ### Parameter: `extensionMonitoringAgentConfig` The configuration for the [Monitoring Agent] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2337,6 +2405,7 @@ The configuration for the [Monitoring Agent] extension. Must at least contain th ### Parameter: `extensionNetworkWatcherAgentConfig` The configuration for the [Network Watcher Agent] extension. Must at least contain the ["enabled": true] property to be executed. + - Required: No - Type: object - Default: @@ -2346,15 +2415,10 @@ The configuration for the [Network Watcher Agent] extension. Must at least conta } ``` -### Parameter: `imageReference` - -OS image reference. In case of marketplace images, it's the combination of the publisher, offer, sku, version attributes. In case of custom images it's the resource ID of the custom image. -- Required: Yes -- Type: object - ### Parameter: `licenseType` Specifies that the image or disk that is being used was licensed on-premises. This element is only used for images that contain the Windows Server operating system. + - Required: No - Type: string - Default: `''` @@ -2370,6 +2434,7 @@ Specifies that the image or disk that is being used was licensed on-premises. Th ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -2377,26 +2442,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -2404,25 +2478,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. The system-assigned managed identity will automatically be enabled if extensionAadJoinConfig.enabled = "True". + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -2430,6 +2506,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `maxPriceForLowPriorityVm` Specifies the maximum price you are willing to pay for a low priority VM/VMSS. This price is in US Dollars. + - Required: No - Type: string - Default: `''` @@ -2437,6 +2514,7 @@ Specifies the maximum price you are willing to pay for a low priority VM/VMSS. T ### Parameter: `monitoringWorkspaceId` Resource ID of the monitoring log analytics workspace. Must be set when extensionMonitoringAgentConfig is set to true. + - Required: No - Type: string - Default: `''` @@ -2444,38 +2522,15 @@ Resource ID of the monitoring log analytics workspace. Must be set when extensio ### Parameter: `name` The name of the virtual machine to be created. You should use a unique prefix to reduce name collisions in Active Directory. If no value is provided, a 10 character long unique string will be generated based on the Resource Group's name. + - Required: No - Type: string - Default: `[take(toLower(uniqueString(resourceGroup().name)), 10)]` -### Parameter: `nicConfigurations` - -Configures NICs and PIPs. -- Required: Yes -- Type: array - -### Parameter: `osDisk` - -Specifies the OS disk. For security reasons, it is recommended to specify DiskEncryptionSet into the osDisk object. Restrictions: DiskEncryptionSet cannot be enabled if Azure Disk Encryption (guest-VM encryption using bitlocker/DM-Crypt) is enabled on your VMs. -- Required: Yes -- Type: object - -### Parameter: `osType` - -The chosen OS type. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Linux' - 'Windows' - ] - ``` - ### Parameter: `patchAssessmentMode` VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable automatically check for updates every 24 hours. + - Required: No - Type: string - Default: `'ImageDefault'` @@ -2490,6 +2545,7 @@ VM guest patching assessment mode. Set it to 'AutomaticByPlatform' to enable aut ### Parameter: `patchMode` VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows only, 'ImageDefault' for Linux only. Refer to 'https://learn.microsoft.com/en-us/azure/virtual-machines/automatic-vm-guest-patching'. + - Required: No - Type: string - Default: `''` @@ -2507,6 +2563,7 @@ VM guest patching orchestration mode. 'AutomaticByOS' & 'Manual' are for Windows ### Parameter: `plan` Specifies information about the marketplace image used to create the virtual machine. This element is only used for marketplace images. Before you can use a marketplace image from an API, you must enable the image for programmatic use. + - Required: No - Type: object - Default: `{}` @@ -2514,6 +2571,7 @@ Specifies information about the marketplace image used to create the virtual mac ### Parameter: `priority` Specifies the priority for the virtual machine. + - Required: No - Type: string - Default: `'Regular'` @@ -2529,6 +2587,7 @@ Specifies the priority for the virtual machine. ### Parameter: `provisionVMAgent` Indicates whether virtual machine agent should be provisioned on the virtual machine. When this property is not specified in the request body, default behavior is to set it to true. This will ensure that VM Agent is installed on the VM so that extensions can be added to the VM later. + - Required: No - Type: bool - Default: `True` @@ -2536,6 +2595,7 @@ Indicates whether virtual machine agent should be provisioned on the virtual mac ### Parameter: `proximityPlacementGroupResourceId` Resource ID of a proximity placement group. + - Required: No - Type: string - Default: `''` @@ -2543,6 +2603,7 @@ Resource ID of a proximity placement group. ### Parameter: `publicKeys` The list of SSH public keys used to authenticate with linux based VMs. + - Required: No - Type: array - Default: `[]` @@ -2550,74 +2611,96 @@ The list of SSH public keys used to authenticate with linux based VMs. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sasTokenValidityLength` SAS token validity length to use to download files from storage accounts. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the SAS token will be valid for 8 hours. + - Required: No - Type: string - Default: `'PT8H'` @@ -2625,6 +2708,7 @@ SAS token validity length to use to download files from storage accounts. Usage: ### Parameter: `secureBootEnabled` Specifies whether secure boot should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. + - Required: No - Type: bool - Default: `False` @@ -2632,6 +2716,7 @@ Specifies whether secure boot should be enabled on the virtual machine. This par ### Parameter: `securityType` Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to enable UefiSettings. + - Required: No - Type: string - Default: `''` @@ -2639,12 +2724,14 @@ Specifies the SecurityType of the virtual machine. It is set as TrustedLaunch to ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `timeZone` Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Possible values can be `TimeZoneInfo.id` value from time zones returned by `TimeZoneInfo.GetSystemTimeZones`. + - Required: No - Type: string - Default: `''` @@ -2652,19 +2739,15 @@ Specifies the time zone of the virtual machine. e.g. 'Pacific Standard Time'. Po ### Parameter: `ultraSSDEnabled` The flag that enables or disables a capability to have one or more managed data disks with UltraSSD_LRS storage account type on the VM or VMSS. Managed disks with storage account type UltraSSD_LRS can be added to a virtual machine or virtual machine scale set only if this property is enabled. + - Required: No - Type: bool - Default: `False` -### Parameter: `vmSize` - -Specifies the size for the VMs. -- Required: Yes -- Type: string - ### Parameter: `vTpmEnabled` Specifies whether vTPM should be enabled on the virtual machine. This parameter is part of the UefiSettings. SecurityType should be set to TrustedLaunch to enable UefiSettings. + - Required: No - Type: bool - Default: `False` @@ -2672,10 +2755,19 @@ Specifies whether vTPM should be enabled on the virtual machine. This parameter ### Parameter: `winRM` Specifies the Windows Remote Management listeners. This enables remote Windows PowerShell. - WinRMConfiguration object. + - Required: No - Type: object - Default: `{}` +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. + +- Required: No +- Type: string +- Default: `[utcNow('u')]` + ## Outputs diff --git a/modules/compute/virtual-machine/extension/README.md b/modules/compute/virtual-machine/extension/README.md index 447f83aed0..324ebc8179 100644 --- a/modules/compute/virtual-machine/extension/README.md +++ b/modules/compute/virtual-machine/extension/README.md @@ -49,18 +49,56 @@ This module deploys a Virtual Machine Extension. ### Parameter: `autoUpgradeMinorVersion` Indicates whether the extension should use a newer minor version if one is available at deployment time. Once deployed, however, the extension will not upgrade minor versions unless redeployed, even with this property set to true. + - Required: Yes - Type: bool ### Parameter: `enableAutomaticUpgrade` Indicates whether the extension should be automatically upgraded by the platform if there is a newer version of the extension available. + - Required: Yes - Type: bool +### Parameter: `name` + +The name of the virtual machine extension. + +- Required: Yes +- Type: string + +### Parameter: `publisher` + +The name of the extension handler publisher. + +- Required: Yes +- Type: string + +### Parameter: `type` + +Specifies the type of the extension; an example is "CustomScriptExtension". + +- Required: Yes +- Type: string + +### Parameter: `typeHandlerVersion` + +Specifies the version of the script handler. + +- Required: Yes +- Type: string + +### Parameter: `virtualMachineName` + +The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -68,6 +106,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `forceUpdateTag` How the extension handler should be forced to update even if the extension configuration has not changed. + - Required: No - Type: string - Default: `''` @@ -75,32 +114,23 @@ How the extension handler should be forced to update even if the extension confi ### Parameter: `location` The location the extension is deployed to. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the virtual machine extension. -- Required: Yes -- Type: string - ### Parameter: `protectedSettings` Any object that contains the extension specific protected settings. + - Required: No - Type: secureObject - Default: `{}` -### Parameter: `publisher` - -The name of the extension handler publisher. -- Required: Yes -- Type: string - ### Parameter: `settings` Any object that contains the extension specific settings. + - Required: No - Type: object - Default: `{}` @@ -108,6 +138,7 @@ Any object that contains the extension specific settings. ### Parameter: `supressFailures` Indicates whether failures stemming from the extension will be suppressed (Operational failures such as not connecting to the VM will not be suppressed regardless of this value). The default is false. + - Required: No - Type: bool - Default: `False` @@ -115,27 +146,10 @@ Indicates whether failures stemming from the extension will be suppressed (Opera ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `type` - -Specifies the type of the extension; an example is "CustomScriptExtension". -- Required: Yes -- Type: string - -### Parameter: `typeHandlerVersion` - -Specifies the version of the script handler. -- Required: Yes -- Type: string - -### Parameter: `virtualMachineName` - -The name of the parent virtual machine that extension is provisioned for. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/consumption/budget/README.md b/modules/consumption/budget/README.md index 748abdf07f..27a7dbedeb 100644 --- a/modules/consumption/budget/README.md +++ b/modules/consumption/budget/README.md @@ -270,36 +270,32 @@ module budget 'br:bicep/modules/consumption.budget:1.0.0' = { | [`startDate`](#parameter-startdate) | string | The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). | | [`thresholds`](#parameter-thresholds) | array | Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. | -### Parameter: `actionGroups` - -List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. -- Required: No -- Type: array -- Default: `[]` - ### Parameter: `amount` The total amount of cost or usage to track with the budget. + - Required: Yes - Type: int -### Parameter: `category` +### Parameter: `name` -The category of the budget, whether the budget tracks cost or usage. -- Required: No +The name of the budget. + +- Required: Yes - Type: string -- Default: `'Cost'` -- Allowed: - ```Bicep - [ - 'Cost' - 'Usage' - ] - ``` + +### Parameter: `actionGroups` + +List of action group resource IDs that will receive the alert. Required if neither `contactEmails` nor `contactEmails` was provided. + +- Required: No +- Type: array +- Default: `[]` ### Parameter: `contactEmails` The list of email addresses to send the budget notification to when the thresholds are exceeded. Required if neither `contactRoles` nor `actionGroups` was provided. + - Required: No - Type: array - Default: `[]` @@ -307,13 +303,30 @@ The list of email addresses to send the budget notification to when the threshol ### Parameter: `contactRoles` The list of contact roles to send the budget notification to when the thresholds are exceeded. Required if neither `contactEmails` nor `actionGroups` was provided. + - Required: No - Type: array - Default: `[]` +### Parameter: `category` + +The category of the budget, whether the budget tracks cost or usage. + +- Required: No +- Type: string +- Default: `'Cost'` +- Allowed: + ```Bicep + [ + 'Cost' + 'Usage' + ] + ``` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -321,6 +334,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endDate` The end date for the budget. If not provided, it will default to 10 years from the start date. + - Required: No - Type: string - Default: `''` @@ -328,19 +342,15 @@ The end date for the budget. If not provided, it will default to 10 years from t ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` -### Parameter: `name` - -The name of the budget. -- Required: Yes -- Type: string - ### Parameter: `resetPeriod` The time covered by a budget. Tracking of the amount will be reset based on the time grain. BillingMonth, BillingQuarter, and BillingAnnual are only supported by WD customers. + - Required: No - Type: string - Default: `'Monthly'` @@ -359,6 +369,7 @@ The time covered by a budget. Tracking of the amount will be reset based on the ### Parameter: `startDate` The start date for the budget. Start date should be the first day of the month and cannot be in the past (except for the current month). + - Required: No - Type: string - Default: `[format('{0}-{1}-01T00:00:00Z', utcNow('yyyy'), utcNow('MM'))]` @@ -366,6 +377,7 @@ The start date for the budget. Start date should be the first day of the month a ### Parameter: `thresholds` Percent thresholds of budget for when to get a notification. Can be up to 5 thresholds, where each must be between 1 and 1000. + - Required: No - Type: array - Default: diff --git a/modules/container-instance/container-group/README.md b/modules/container-instance/container-group/README.md index 7c696de967..8e0da9832e 100644 --- a/modules/container-instance/container-group/README.md +++ b/modules/container-instance/container-group/README.md @@ -1023,9 +1023,32 @@ module containerGroup 'br:bicep/modules/container-instance.container-group:1.0.0 | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`volumes`](#parameter-volumes) | array | Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. | +### Parameter: `containers` + +The containers and their respective config within the container group. + +- Required: Yes +- Type: array + +### Parameter: `name` + +Name for the container group. + +- Required: Yes +- Type: string + +### Parameter: `ipAddressPorts` + +Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `autoGeneratedDomainNameLabelScope` Specify level of protection of the domain name label. + - Required: No - Type: string - Default: `'TenantReuse'` @@ -1040,50 +1063,51 @@ Specify level of protection of the domain name label. ] ``` -### Parameter: `containers` - -The containers and their respective config within the container group. -- Required: Yes -- Type: array - ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -1091,6 +1115,7 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `dnsNameLabel` The Dns name label for the resource. + - Required: No - Type: string - Default: `''` @@ -1098,6 +1123,7 @@ The Dns name label for the resource. ### Parameter: `dnsNameServers` List of dns servers used by the containers for lookups. + - Required: No - Type: array - Default: `[]` @@ -1105,6 +1131,7 @@ List of dns servers used by the containers for lookups. ### Parameter: `dnsSearchDomains` DNS search domain which will be appended to each DNS lookup. + - Required: No - Type: string - Default: `''` @@ -1112,6 +1139,7 @@ DNS search domain which will be appended to each DNS lookup. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1119,6 +1147,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `imageRegistryCredentials` The image registry credentials by which the container group is created from. + - Required: No - Type: array - Default: `[]` @@ -1126,13 +1155,7 @@ The image registry credentials by which the container group is created from. ### Parameter: `initContainers` A list of container definitions which will be executed before the application container starts. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `ipAddressPorts` -Ports to open on the public IP address. Must include all ports assigned on container level. Required if `ipAddressType` is set to `public`. - Required: No - Type: array - Default: `[]` @@ -1140,6 +1163,7 @@ Ports to open on the public IP address. Must include all ports assigned on conta ### Parameter: `ipAddressType` Specifies if the IP is exposed to the public internet or private VNET. - Public or Private. + - Required: No - Type: string - Default: `'Public'` @@ -1154,6 +1178,7 @@ Specifies if the IP is exposed to the public internet or private VNET. - Public ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1161,26 +1186,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1188,38 +1222,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name for the container group. -- Required: Yes -- Type: string - ### Parameter: `osType` The operating system type required by the containers in the container group. - Windows or Linux. + - Required: No - Type: string - Default: `'Linux'` @@ -1227,6 +1258,7 @@ The operating system type required by the containers in the container group. - W ### Parameter: `restartPolicy` Restart policy for all containers within the container group. - Always: Always restart. OnFailure: Restart on failure. Never: Never restart. - Always, OnFailure, Never. + - Required: No - Type: string - Default: `'Always'` @@ -1242,6 +1274,7 @@ Restart policy for all containers within the container group. - Always: Always r ### Parameter: `sku` The container group SKU. + - Required: No - Type: string - Default: `'Standard'` @@ -1256,6 +1289,7 @@ The container group SKU. ### Parameter: `subnetId` Resource ID of the subnet. Only specify when ipAddressType is Private. + - Required: No - Type: string - Default: `''` @@ -1263,12 +1297,14 @@ Resource ID of the subnet. Only specify when ipAddressType is Private. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `volumes` Specify if volumes (emptyDir, AzureFileShare or GitRepo) shall be attached to your containergroup. + - Required: No - Type: array - Default: `[]` diff --git a/modules/container-registry/registry/README.md b/modules/container-registry/registry/README.md index 546708177b..51f807006c 100644 --- a/modules/container-registry/registry/README.md +++ b/modules/container-registry/registry/README.md @@ -823,9 +823,17 @@ module registry 'br:bicep/modules/container-registry.registry:1.0.0' = { | [`webhooks`](#parameter-webhooks) | array | All webhooks to create. | | [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. | +### Parameter: `name` + +Name of your Azure container registry. + +- Required: Yes +- Type: string + ### Parameter: `acrAdminUserEnabled` Enable admin user that have push / pull permission to the registry. + - Required: No - Type: bool - Default: `False` @@ -833,6 +841,7 @@ Enable admin user that have push / pull permission to the registry. ### Parameter: `acrSku` Tier of your Azure container registry. + - Required: No - Type: string - Default: `'Basic'` @@ -848,6 +857,7 @@ Tier of your Azure container registry. ### Parameter: `anonymousPullEnabled` Enables registry-wide pull from unauthenticated clients. It's in preview and available in the Standard and Premium service tiers. + - Required: No - Type: bool - Default: `False` @@ -855,6 +865,7 @@ Enables registry-wide pull from unauthenticated clients. It's in preview and ava ### Parameter: `azureADAuthenticationAsArmPolicyStatus` The value that indicates whether the policy for using ARM audience token for a container registr is enabled or not. Default is enabled. + - Required: No - Type: string - Default: `'enabled'` @@ -869,6 +880,7 @@ The value that indicates whether the policy for using ARM audience token for a c ### Parameter: `cacheRules` Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.microsoft.com/en-us/azure/container-registry/tutorial-registry-cache#cache-for-acr-preview)). + - Required: No - Type: array - Default: `[]` @@ -876,41 +888,48 @@ Array of Cache Rules. Note: This is a preview feature ([ref](https://learn.micro ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -918,6 +937,7 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `dataEndpointEnabled` Enable a single data endpoint per region for serving data. Not relevant in case of disabled public access. Note, requires the 'acrSku' to be 'Premium'. + - Required: No - Type: bool - Default: `False` @@ -925,114 +945,90 @@ Enable a single data endpoint per region for serving data. Not relevant in case ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1040,6 +1036,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1047,6 +1044,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exportPolicyStatus` The value that indicates whether the export policy is enabled or not. + - Required: No - Type: string - Default: `'disabled'` @@ -1061,6 +1059,7 @@ The value that indicates whether the export policy is enabled or not. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1068,26 +1067,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1095,38 +1103,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of your Azure container registry. -- Required: Yes -- Type: string - ### Parameter: `networkRuleBypassOptions` Whether to allow trusted Azure services to access a network restricted registry. + - Required: No - Type: string - Default: `'AzureServices'` @@ -1141,6 +1146,7 @@ Whether to allow trusted Azure services to access a network restricted registry. ### Parameter: `networkRuleSetDefaultAction` The default action of allow or deny when no other rules match. + - Required: No - Type: string - Default: `'Deny'` @@ -1155,6 +1161,7 @@ The default action of allow or deny when no other rules match. ### Parameter: `networkRuleSetIpRules` The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. + - Required: No - Type: array - Default: `[]` @@ -1162,197 +1169,247 @@ The IP ACL rules. Note, requires the 'acrSku' to be 'Premium'. ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'acrSku' to be 'Premium'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1360,6 +1417,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkRuleSetIpRules are not set. Note, requires the 'acrSku' to be 'Premium'. + - Required: No - Type: string - Default: `''` @@ -1375,6 +1433,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `quarantinePolicyStatus` The value that indicates whether the quarantine policy is enabled or not. + - Required: No - Type: string - Default: `'disabled'` @@ -1389,6 +1448,7 @@ The value that indicates whether the quarantine policy is enabled or not. ### Parameter: `replications` All replications to create. + - Required: No - Type: array - Default: `[]` @@ -1396,6 +1456,7 @@ All replications to create. ### Parameter: `retentionPolicyDays` The number of days to retain an untagged manifest after which it gets purged. + - Required: No - Type: int - Default: `15` @@ -1403,6 +1464,7 @@ The number of days to retain an untagged manifest after which it gets purged. ### Parameter: `retentionPolicyStatus` The value that indicates whether the retention policy is enabled or not. + - Required: No - Type: string - Default: `'enabled'` @@ -1417,74 +1479,96 @@ The value that indicates whether the retention policy is enabled or not. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `softDeletePolicyDays` The number of days after which a soft-deleted item is permanently deleted. + - Required: No - Type: int - Default: `7` @@ -1492,6 +1576,7 @@ The number of days after which a soft-deleted item is permanently deleted. ### Parameter: `softDeletePolicyStatus` Soft Delete policy status. Default is disabled. + - Required: No - Type: string - Default: `'disabled'` @@ -1506,12 +1591,14 @@ Soft Delete policy status. Default is disabled. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `trustPolicyStatus` The value that indicates whether the trust policy is enabled or not. + - Required: No - Type: string - Default: `'disabled'` @@ -1526,6 +1613,7 @@ The value that indicates whether the trust policy is enabled or not. ### Parameter: `webhooks` All webhooks to create. + - Required: No - Type: array - Default: `[]` @@ -1533,6 +1621,7 @@ All webhooks to create. ### Parameter: `zoneRedundancy` Whether or not zone redundancy is enabled for this container registry. + - Required: No - Type: string - Default: `'Disabled'` diff --git a/modules/container-registry/registry/cache-rules/README.md b/modules/container-registry/registry/cache-rules/README.md index 75303e848b..9e9dd03dda 100644 --- a/modules/container-registry/registry/cache-rules/README.md +++ b/modules/container-registry/registry/cache-rules/README.md @@ -33,9 +33,24 @@ Cache for Azure Container Registry (Preview) feature allows users to cache conta | [`name`](#parameter-name) | string | The name of the cache rule. Will be dereived from the source repository name if not defined. | | [`targetRepository`](#parameter-targetrepository) | string | Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. | +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `sourceRepository` + +Source repository pulled from upstream. + +- Required: Yes +- Type: string + ### Parameter: `credentialSetResourceId` The resource ID of the credential store which is associated with the cache rule. + - Required: No - Type: string - Default: `''` @@ -43,6 +58,7 @@ The resource ID of the credential store which is associated with the cache rule. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,25 +66,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` The name of the cache rule. Will be dereived from the source repository name if not defined. + - Required: No - Type: string - Default: `[replace(replace(parameters('sourceRepository'), '/', '-'), '.', '-')]` -### Parameter: `registryName` - -The name of the parent registry. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `sourceRepository` - -Source repository pulled from upstream. -- Required: Yes -- Type: string - ### Parameter: `targetRepository` Target repository specified in docker pull command. E.g.: docker pull myregistry.azurecr.io/{targetRepository}:{tag}. + - Required: No - Type: string - Default: `[parameters('sourceRepository')]` diff --git a/modules/container-registry/registry/replication/README.md b/modules/container-registry/registry/replication/README.md index 1dbe5d559c..6f7f21c1f1 100644 --- a/modules/container-registry/registry/replication/README.md +++ b/modules/container-registry/registry/replication/README.md @@ -39,9 +39,24 @@ This module deploys an Azure Container Registry (ACR) Replication. | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zoneRedundancy`](#parameter-zoneredundancy) | string | Whether or not zone redundancy is enabled for this container registry. | +### Parameter: `name` + +The name of the replication. + +- Required: Yes +- Type: string + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -49,38 +64,30 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the replication. -- Required: Yes -- Type: string - ### Parameter: `regionEndpointEnabled` Specifies whether the replication regional endpoint is enabled. Requests will not be routed to a replication whose regional endpoint is disabled, however its data will continue to be synced with other replications. + - Required: No - Type: bool - Default: `True` -### Parameter: `registryName` - -The name of the parent registry. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zoneRedundancy` Whether or not zone redundancy is enabled for this container registry. + - Required: No - Type: string - Default: `'Disabled'` diff --git a/modules/container-registry/registry/webhook/README.md b/modules/container-registry/registry/webhook/README.md index 380e28389e..55b48b3f3e 100644 --- a/modules/container-registry/registry/webhook/README.md +++ b/modules/container-registry/registry/webhook/README.md @@ -42,9 +42,24 @@ This module deploys an Azure Container Registry (ACR) Webhook. | [`status`](#parameter-status) | string | The status of the webhook at the time the operation was called. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `serviceUri` + +The service URI for the webhook to post notifications. + +- Required: Yes +- Type: string + +### Parameter: `registryName` + +The name of the parent registry. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `action` The list of actions that trigger the webhook to post notifications. + - Required: No - Type: array - Default: @@ -61,6 +76,7 @@ The list of actions that trigger the webhook to post notifications. ### Parameter: `customHeaders` Custom headers that will be added to the webhook notifications. + - Required: No - Type: object - Default: `{}` @@ -68,6 +84,7 @@ Custom headers that will be added to the webhook notifications. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -75,6 +92,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -82,32 +100,23 @@ Location for all resources. ### Parameter: `name` The name of the registry webhook. + - Required: No - Type: string - Default: `[format('{0}webhook', parameters('registryName'))]` -### Parameter: `registryName` - -The name of the parent registry. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `scope` The scope of repositories where the event can be triggered. For example, 'foo:*' means events for all tags under repository 'foo'. 'foo:bar' means events for 'foo:bar' only. 'foo' is equivalent to 'foo:latest'. Empty means all events. + - Required: No - Type: string - Default: `''` -### Parameter: `serviceUri` - -The service URI for the webhook to post notifications. -- Required: Yes -- Type: string - ### Parameter: `status` The status of the webhook at the time the operation was called. + - Required: No - Type: string - Default: `'enabled'` @@ -122,6 +131,7 @@ The status of the webhook at the time the operation was called. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md index dd804e181f..0b88e6a7b3 100644 --- a/modules/container-service/managed-cluster/README.md +++ b/modules/container-service/managed-cluster/README.md @@ -1278,9 +1278,40 @@ module managedCluster 'br:bicep/modules/container-service.managed-cluster:1.0.0' | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`webApplicationRoutingEnabled`](#parameter-webapplicationroutingenabled) | bool | Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. | +### Parameter: `name` + +Specifies the name of the AKS cluster. + +- Required: Yes +- Type: string + +### Parameter: `primaryAgentPoolProfile` + +Properties of the primary agent pool. + +- Required: Yes +- Type: array + +### Parameter: `aksServicePrincipalProfile` + +Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `appGatewayResourceId` + +Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `aadProfileAdminGroupObjectIDs` Specifies the AAD group object IDs that will have admin role of the cluster. + - Required: No - Type: array - Default: `[]` @@ -1288,6 +1319,7 @@ Specifies the AAD group object IDs that will have admin role of the cluster. ### Parameter: `aadProfileClientAppID` The client AAD application ID. + - Required: No - Type: string - Default: `''` @@ -1295,6 +1327,7 @@ The client AAD application ID. ### Parameter: `aadProfileEnableAzureRBAC` Specifies whether to enable Azure RBAC for Kubernetes authorization. + - Required: No - Type: bool - Default: `[parameters('enableRBAC')]` @@ -1302,6 +1335,7 @@ Specifies whether to enable Azure RBAC for Kubernetes authorization. ### Parameter: `aadProfileManaged` Specifies whether to enable managed AAD integration. + - Required: No - Type: bool - Default: `True` @@ -1309,6 +1343,7 @@ Specifies whether to enable managed AAD integration. ### Parameter: `aadProfileServerAppID` The server AAD application ID. + - Required: No - Type: string - Default: `''` @@ -1316,6 +1351,7 @@ The server AAD application ID. ### Parameter: `aadProfileServerAppSecret` The server AAD application secret. + - Required: No - Type: string - Default: `''` @@ -1323,6 +1359,7 @@ The server AAD application secret. ### Parameter: `aadProfileTenantId` Specifies the tenant ID of the Azure Active Directory used by the AKS cluster for authentication. + - Required: No - Type: string - Default: `[subscription().tenantId]` @@ -1330,6 +1367,7 @@ Specifies the tenant ID of the Azure Active Directory used by the AKS cluster fo ### Parameter: `aciConnectorLinuxEnabled` Specifies whether the aciConnectorLinux add-on is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -1337,6 +1375,7 @@ Specifies whether the aciConnectorLinux add-on is enabled or not. ### Parameter: `adminUsername` Specifies the administrator username of Linux virtual machines. + - Required: No - Type: string - Default: `'azureuser'` @@ -1344,27 +1383,15 @@ Specifies the administrator username of Linux virtual machines. ### Parameter: `agentPools` Define one or more secondary/additional agent pools. + - Required: No - Type: array - Default: `[]` -### Parameter: `aksServicePrincipalProfile` - -Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster. -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `appGatewayResourceId` - -Specifies the resource ID of connected application gateway. Required if `ingressApplicationGatewayEnabled` is set to `true`. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `authorizedIPRanges` IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is not compatible with clusters that use Public IP Per Node, or clusters that are using a Basic Load Balancer. + - Required: No - Type: array - Default: `[]` @@ -1372,6 +1399,7 @@ IP ranges are specified in CIDR format, e.g. 137.117.106.88/29. This feature is ### Parameter: `autoScalerProfileBalanceSimilarNodeGroups` Specifies the balance of similar node groups for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'false'` @@ -1386,6 +1414,7 @@ Specifies the balance of similar node groups for the auto-scaler of the AKS clus ### Parameter: `autoScalerProfileExpander` Specifies the expand strategy for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'random'` @@ -1402,6 +1431,7 @@ Specifies the expand strategy for the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileMaxEmptyBulkDelete` Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'10'` @@ -1409,6 +1439,7 @@ Specifies the maximum empty bulk delete for the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileMaxGracefulTerminationSec` Specifies the max graceful termination time interval in seconds for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'600'` @@ -1416,6 +1447,7 @@ Specifies the max graceful termination time interval in seconds for the auto-sca ### Parameter: `autoScalerProfileMaxNodeProvisionTime` Specifies the maximum node provisioning time for the auto-scaler of the AKS cluster. Values must be an integer followed by an "m". No unit of time other than minutes (m) is supported. + - Required: No - Type: string - Default: `'15m'` @@ -1423,6 +1455,7 @@ Specifies the maximum node provisioning time for the auto-scaler of the AKS clus ### Parameter: `autoScalerProfileMaxTotalUnreadyPercentage` Specifies the mximum total unready percentage for the auto-scaler of the AKS cluster. The maximum is 100 and the minimum is 0. + - Required: No - Type: string - Default: `'45'` @@ -1430,6 +1463,7 @@ Specifies the mximum total unready percentage for the auto-scaler of the AKS clu ### Parameter: `autoScalerProfileNewPodScaleUpDelay` For scenarios like burst/batch scale where you do not want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they are a certain age. Values must be an integer followed by a unit ("s" for seconds, "m" for minutes, "h" for hours, etc). + - Required: No - Type: string - Default: `'0s'` @@ -1437,6 +1471,7 @@ For scenarios like burst/batch scale where you do not want CA to act before the ### Parameter: `autoScalerProfileOkTotalUnreadyCount` Specifies the OK total unready count for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'3'` @@ -1444,6 +1479,7 @@ Specifies the OK total unready count for the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileScaleDownDelayAfterAdd` Specifies the scale down delay after add of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'10m'` @@ -1451,6 +1487,7 @@ Specifies the scale down delay after add of the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileScaleDownDelayAfterDelete` Specifies the scale down delay after delete of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'20s'` @@ -1458,6 +1495,7 @@ Specifies the scale down delay after delete of the auto-scaler of the AKS cluste ### Parameter: `autoScalerProfileScaleDownDelayAfterFailure` Specifies scale down delay after failure of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'3m'` @@ -1465,6 +1503,7 @@ Specifies scale down delay after failure of the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileScaleDownUnneededTime` Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'10m'` @@ -1472,6 +1511,7 @@ Specifies the scale down unneeded time of the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileScaleDownUnreadyTime` Specifies the scale down unready time of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'20m'` @@ -1479,6 +1519,7 @@ Specifies the scale down unready time of the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileScanInterval` Specifies the scan interval of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'10s'` @@ -1486,6 +1527,7 @@ Specifies the scan interval of the auto-scaler of the AKS cluster. ### Parameter: `autoScalerProfileSkipNodesWithLocalStorage` Specifies if nodes with local storage should be skipped for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'true'` @@ -1500,6 +1542,7 @@ Specifies if nodes with local storage should be skipped for the auto-scaler of t ### Parameter: `autoScalerProfileSkipNodesWithSystemPods` Specifies if nodes with system pods should be skipped for the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'true'` @@ -1514,6 +1557,7 @@ Specifies if nodes with system pods should be skipped for the auto-scaler of the ### Parameter: `autoScalerProfileUtilizationThreshold` Specifies the utilization threshold of the auto-scaler of the AKS cluster. + - Required: No - Type: string - Default: `'0.5'` @@ -1521,6 +1565,7 @@ Specifies the utilization threshold of the auto-scaler of the AKS cluster. ### Parameter: `autoUpgradeProfileUpgradeChannel` Auto-upgrade channel on the AKS cluster. + - Required: No - Type: string - Default: `''` @@ -1539,6 +1584,7 @@ Auto-upgrade channel on the AKS cluster. ### Parameter: `azurePolicyEnabled` Specifies whether the azurepolicy add-on is enabled or not. For security reasons, this setting should be enabled. + - Required: No - Type: bool - Default: `True` @@ -1546,6 +1592,7 @@ Specifies whether the azurepolicy add-on is enabled or not. For security reasons ### Parameter: `azurePolicyVersion` Specifies the azure policy version to use. + - Required: No - Type: string - Default: `'v2'` @@ -1553,42 +1600,55 @@ Specifies the azure policy version to use. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultNetworkAccess`](#parameter-customermanagedkeykeyvaultnetworkaccess) | string | Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultNetworkAccess`](#parameter-customermanagedkeykeyvaultnetworkaccess) | Yes | string | Required. Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultNetworkAccess` -Required. Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. +Network access of key vault. The possible values are Public and Private. Public means the key vault allows public access from all networks. Private means the key vault disables public access and enables private link. The default value is Public. - Required: Yes - Type: string -- Allowed: `[Private, Public]` +- Allowed: + ```Bicep + [ + 'Private' + 'Public' + ] + ``` ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string @@ -1596,114 +1656,90 @@ Optional. The version of the customer managed key to reference for encryption. I ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1711,6 +1747,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAccounts` If set to true, getting static credentials will be disabled for this cluster. This must only be used on Managed Clusters that are AAD enabled. + - Required: No - Type: bool - Default: `False` @@ -1718,6 +1755,7 @@ If set to true, getting static credentials will be disabled for this cluster. Th ### Parameter: `disableRunCommand` Whether to disable run command for the cluster or not. + - Required: No - Type: bool - Default: `False` @@ -1725,6 +1763,7 @@ Whether to disable run command for the cluster or not. ### Parameter: `diskEncryptionSetID` The resource ID of the disc encryption set to apply to the cluster. For security reasons, this value should be provided. + - Required: No - Type: string - Default: `''` @@ -1732,6 +1771,7 @@ The resource ID of the disc encryption set to apply to the cluster. For security ### Parameter: `dnsPrefix` Specifies the DNS prefix specified when creating the managed cluster. + - Required: No - Type: string - Default: `[parameters('name')]` @@ -1739,6 +1779,7 @@ Specifies the DNS prefix specified when creating the managed cluster. ### Parameter: `dnsServiceIP` Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. + - Required: No - Type: string - Default: `''` @@ -1746,6 +1787,7 @@ Specifies the IP address assigned to the Kubernetes DNS service. It must be with ### Parameter: `dnsZoneResourceId` Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. + - Required: No - Type: string - Default: `''` @@ -1753,6 +1795,7 @@ Specifies the resource ID of connected DNS zone. It will be ignored if `webAppli ### Parameter: `enableAzureDefender` Whether to enable Azure Defender. + - Required: No - Type: bool - Default: `False` @@ -1760,6 +1803,7 @@ Whether to enable Azure Defender. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1767,6 +1811,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableDnsZoneContributorRoleAssignment` Specifies whether assing the DNS zone contributor role to the cluster service principal. It will be ignored if `webApplicationRoutingEnabled` is set to `false` or `dnsZoneResourceId` not provided. + - Required: No - Type: bool - Default: `True` @@ -1774,6 +1819,7 @@ Specifies whether assing the DNS zone contributor role to the cluster service pr ### Parameter: `enableKeyvaultSecretsProvider` Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -1781,6 +1827,7 @@ Specifies whether the KeyvaultSecretsProvider add-on is enabled or not. ### Parameter: `enableOidcIssuerProfile` Whether the The OIDC issuer profile of the Managed Cluster is enabled. + - Required: No - Type: bool - Default: `False` @@ -1788,6 +1835,7 @@ Whether the The OIDC issuer profile of the Managed Cluster is enabled. ### Parameter: `enablePodSecurityPolicy` Whether to enable Kubernetes pod security policy. Requires enabling the pod security policy feature flag on the subscription. + - Required: No - Type: bool - Default: `False` @@ -1795,6 +1843,7 @@ Whether to enable Kubernetes pod security policy. Requires enabling the pod secu ### Parameter: `enablePrivateCluster` Specifies whether to create the cluster as a private cluster or not. + - Required: No - Type: bool - Default: `False` @@ -1802,6 +1851,7 @@ Specifies whether to create the cluster as a private cluster or not. ### Parameter: `enablePrivateClusterPublicFQDN` Whether to create additional public FQDN for private cluster or not. + - Required: No - Type: bool - Default: `False` @@ -1809,6 +1859,7 @@ Whether to create additional public FQDN for private cluster or not. ### Parameter: `enableRBAC` Whether to enable Kubernetes Role-Based Access Control. + - Required: No - Type: bool - Default: `True` @@ -1816,6 +1867,7 @@ Whether to enable Kubernetes Role-Based Access Control. ### Parameter: `enableSecretRotation` Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. + - Required: No - Type: string - Default: `'false'` @@ -1830,6 +1882,7 @@ Specifies whether the KeyvaultSecretsProvider add-on uses secret rotation. ### Parameter: `enableStorageProfileBlobCSIDriver` Whether the AzureBlob CSI Driver for the storage profile is enabled. + - Required: No - Type: bool - Default: `False` @@ -1837,6 +1890,7 @@ Whether the AzureBlob CSI Driver for the storage profile is enabled. ### Parameter: `enableStorageProfileDiskCSIDriver` Whether the AzureDisk CSI Driver for the storage profile is enabled. + - Required: No - Type: bool - Default: `False` @@ -1844,6 +1898,7 @@ Whether the AzureDisk CSI Driver for the storage profile is enabled. ### Parameter: `enableStorageProfileFileCSIDriver` Whether the AzureFile CSI Driver for the storage profile is enabled. + - Required: No - Type: bool - Default: `False` @@ -1851,6 +1906,7 @@ Whether the AzureFile CSI Driver for the storage profile is enabled. ### Parameter: `enableStorageProfileSnapshotController` Whether the snapshot controller for the storage profile is enabled. + - Required: No - Type: bool - Default: `False` @@ -1858,6 +1914,7 @@ Whether the snapshot controller for the storage profile is enabled. ### Parameter: `enableWorkloadIdentity` Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. + - Required: No - Type: bool - Default: `False` @@ -1865,6 +1922,7 @@ Whether to enable Workload Identity. Requires OIDC issuer profile to be enabled. ### Parameter: `fluxConfigurationProtectedSettings` Configuration settings that are sensitive, as name-value pairs for configuring this extension. + - Required: No - Type: secureObject - Default: `{}` @@ -1872,6 +1930,7 @@ Configuration settings that are sensitive, as name-value pairs for configuring t ### Parameter: `fluxExtension` Settings and configurations for the flux extension. + - Required: No - Type: object - Default: `{}` @@ -1879,6 +1938,7 @@ Settings and configurations for the flux extension. ### Parameter: `httpApplicationRoutingEnabled` Specifies whether the httpApplicationRouting add-on is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -1886,6 +1946,7 @@ Specifies whether the httpApplicationRouting add-on is enabled or not. ### Parameter: `httpProxyConfig` Configurations for provisioning the cluster with HTTP proxy servers. + - Required: No - Type: object - Default: `{}` @@ -1893,6 +1954,7 @@ Configurations for provisioning the cluster with HTTP proxy servers. ### Parameter: `identityProfile` Identities associated with the cluster. + - Required: No - Type: object - Default: `{}` @@ -1900,6 +1962,7 @@ Identities associated with the cluster. ### Parameter: `ingressApplicationGatewayEnabled` Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -1907,6 +1970,7 @@ Specifies whether the ingressApplicationGateway (AGIC) add-on is enabled or not. ### Parameter: `kubeDashboardEnabled` Specifies whether the kubeDashboard add-on is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -1914,6 +1978,7 @@ Specifies whether the kubeDashboard add-on is enabled or not. ### Parameter: `kubernetesVersion` Version of Kubernetes specified when creating the managed cluster. + - Required: No - Type: string - Default: `''` @@ -1921,6 +1986,7 @@ Version of Kubernetes specified when creating the managed cluster. ### Parameter: `loadBalancerSku` Specifies the sku of the load balancer used by the virtual machine scale sets used by nodepools. + - Required: No - Type: string - Default: `'standard'` @@ -1935,6 +2001,7 @@ Specifies the sku of the load balancer used by the virtual machine scale sets us ### Parameter: `location` Specifies the location of AKS cluster. It picks up Resource Group's location by default. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1942,26 +2009,35 @@ Specifies the location of AKS cluster. It picks up Resource Group's location by ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1969,25 +2045,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1995,6 +2073,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managedOutboundIPCount` Outbound IP Count for the Load balancer. + - Required: No - Type: int - Default: `0` @@ -2002,19 +2081,15 @@ Outbound IP Count for the Load balancer. ### Parameter: `monitoringWorkspaceId` Resource ID of the monitoring log analytics workspace. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -Specifies the name of the AKS cluster. -- Required: Yes -- Type: string - ### Parameter: `networkDataplane` Network dataplane used in the Kubernetes cluster. Not compatible with kubenet network plugin. + - Required: No - Type: string - Default: `''` @@ -2030,6 +2105,7 @@ Network dataplane used in the Kubernetes cluster. Not compatible with kubenet ne ### Parameter: `networkPlugin` Specifies the network plugin used for building Kubernetes network. + - Required: No - Type: string - Default: `''` @@ -2045,6 +2121,7 @@ Specifies the network plugin used for building Kubernetes network. ### Parameter: `networkPluginMode` Network plugin mode used for building the Kubernetes network. Not compatible with kubenet network plugin. + - Required: No - Type: string - Default: `''` @@ -2059,6 +2136,7 @@ Network plugin mode used for building the Kubernetes network. Not compatible wit ### Parameter: `networkPolicy` Specifies the network policy used for building Kubernetes network. - calico or azure. + - Required: No - Type: string - Default: `''` @@ -2074,6 +2152,7 @@ Specifies the network policy used for building Kubernetes network. - calico or a ### Parameter: `nodeResourceGroup` Name of the resource group containing agent pool nodes. + - Required: No - Type: string - Default: `[format('{0}_aks_{1}_nodes', resourceGroup().name, parameters('name'))]` @@ -2081,6 +2160,7 @@ Name of the resource group containing agent pool nodes. ### Parameter: `omsAgentEnabled` Specifies whether the OMS agent is enabled. + - Required: No - Type: bool - Default: `True` @@ -2088,6 +2168,7 @@ Specifies whether the OMS agent is enabled. ### Parameter: `openServiceMeshEnabled` Specifies whether the openServiceMesh add-on is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -2095,6 +2176,7 @@ Specifies whether the openServiceMesh add-on is enabled or not. ### Parameter: `outboundType` Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting. + - Required: No - Type: string - Default: `'loadBalancer'` @@ -2109,6 +2191,7 @@ Specifies outbound (egress) routing method. - loadBalancer or userDefinedRouting ### Parameter: `podCidr` Specifies the CIDR notation IP range from which to assign pod IPs when kubenet is used. + - Required: No - Type: string - Default: `''` @@ -2116,6 +2199,7 @@ Specifies the CIDR notation IP range from which to assign pod IPs when kubenet i ### Parameter: `podIdentityProfileAllowNetworkPluginKubenet` Running in Kubenet is disabled by default due to the security related nature of AAD Pod Identity and the risks of IP spoofing. + - Required: No - Type: bool - Default: `False` @@ -2123,6 +2207,7 @@ Running in Kubenet is disabled by default due to the security related nature of ### Parameter: `podIdentityProfileEnable` Whether the pod identity addon is enabled. + - Required: No - Type: bool - Default: `False` @@ -2130,6 +2215,7 @@ Whether the pod identity addon is enabled. ### Parameter: `podIdentityProfileUserAssignedIdentities` The pod identities to use in the cluster. + - Required: No - Type: array - Default: `[]` @@ -2137,19 +2223,15 @@ The pod identities to use in the cluster. ### Parameter: `podIdentityProfileUserAssignedIdentityExceptions` The pod identity exceptions to allow. + - Required: No - Type: array - Default: `[]` -### Parameter: `primaryAgentPoolProfile` - -Properties of the primary agent pool. -- Required: Yes -- Type: array - ### Parameter: `privateDNSZone` Private DNS Zone configuration. Set to 'system' and AKS will create a private DNS zone in the node resource group. Set to '' to disable private DNS Zone creation and use public DNS. Supply the resource ID here of an existing Private DNS zone to use an existing zone. + - Required: No - Type: string - Default: `''` @@ -2157,74 +2239,96 @@ Private DNS Zone configuration. Set to 'system' and AKS will create a private DN ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serviceCidr` A CIDR notation IP range from which to assign service cluster IPs. It must not overlap with any Subnet IP ranges. + - Required: No - Type: string - Default: `''` @@ -2232,6 +2336,7 @@ A CIDR notation IP range from which to assign service cluster IPs. It must not o ### Parameter: `skuTier` Tier of a managed cluster SKU. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -2247,6 +2352,7 @@ Tier of a managed cluster SKU. - Free or Standard. ### Parameter: `sshPublicKey` Specifies the SSH RSA public key string for the Linux nodes. + - Required: No - Type: string - Default: `''` @@ -2254,6 +2360,7 @@ Specifies the SSH RSA public key string for the Linux nodes. ### Parameter: `supportPlan` The support plan for the Managed Cluster. + - Required: No - Type: string - Default: `'KubernetesOfficial'` @@ -2268,12 +2375,14 @@ The support plan for the Managed Cluster. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `webApplicationRoutingEnabled` Specifies whether the webApplicationRoutingEnabled add-on is enabled or not. + - Required: No - Type: bool - Default: `False` diff --git a/modules/container-service/managed-cluster/agent-pool/README.md b/modules/container-service/managed-cluster/agent-pool/README.md index ea2052f582..5519e82572 100644 --- a/modules/container-service/managed-cluster/agent-pool/README.md +++ b/modules/container-service/managed-cluster/agent-pool/README.md @@ -69,9 +69,24 @@ This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool | [`vnetSubnetId`](#parameter-vnetsubnetid) | string | Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. | | [`workloadRuntime`](#parameter-workloadruntime) | string | Determines the type of workload a node can run. | +### Parameter: `name` + +Name of the agent pool. + +- Required: Yes +- Type: string + +### Parameter: `managedClusterName` + +The name of the parent managed cluster. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `availabilityZones` The list of Availability zones to use for nodes. This can only be specified if the AgentPoolType property is "VirtualMachineScaleSets". + - Required: No - Type: array - Default: `[]` @@ -79,6 +94,7 @@ The list of Availability zones to use for nodes. This can only be specified if t ### Parameter: `count` Desired Number of agents (VMs) specified to host docker containers. Allowed values must be in the range of 0 to 1000 (inclusive) for user pools and in the range of 1 to 1000 (inclusive) for system pools. The default value is 1. + - Required: No - Type: int - Default: `1` @@ -86,6 +102,7 @@ Desired Number of agents (VMs) specified to host docker containers. Allowed valu ### Parameter: `enableAutoScaling` Whether to enable auto-scaler. + - Required: No - Type: bool - Default: `False` @@ -93,6 +110,7 @@ Whether to enable auto-scaler. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -100,6 +118,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableEncryptionAtHost` This is only supported on certain VM sizes and in certain Azure regions. For more information, see: /azure/aks/enable-host-encryption. For security reasons, this setting should be enabled. + - Required: No - Type: bool - Default: `False` @@ -107,6 +126,7 @@ This is only supported on certain VM sizes and in certain Azure regions. For mor ### Parameter: `enableFIPS` See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview) for more details. + - Required: No - Type: bool - Default: `False` @@ -114,6 +134,7 @@ See Add a FIPS-enabled node pool (https://learn.microsoft.com/en-us/azure/aks/us ### Parameter: `enableNodePublicIP` Some scenarios may require nodes in a node pool to receive their own dedicated public IP addresses. A common scenario is for gaming workloads, where a console needs to make a direct connection to a cloud virtual machine to minimize hops. For more information see assigning a public IP per node (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#assign-a-public-ip-per-node-for-your-node-pools). + - Required: No - Type: bool - Default: `False` @@ -121,6 +142,7 @@ Some scenarios may require nodes in a node pool to receive their own dedicated p ### Parameter: `enableUltraSSD` Whether to enable UltraSSD. + - Required: No - Type: bool - Default: `False` @@ -128,6 +150,7 @@ Whether to enable UltraSSD. ### Parameter: `gpuInstanceProfile` GPUInstanceProfile to be used to specify GPU MIG instance profile for supported GPU VM SKU. + - Required: No - Type: string - Default: `''` @@ -146,19 +169,15 @@ GPUInstanceProfile to be used to specify GPU MIG instance profile for supported ### Parameter: `kubeletDiskType` Determines the placement of emptyDir volumes, container runtime data root, and Kubelet ephemeral storage. + - Required: No - Type: string - Default: `''` -### Parameter: `managedClusterName` - -The name of the parent managed cluster. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `maxCount` The maximum number of nodes for auto-scaling. + - Required: No - Type: int - Default: `-1` @@ -166,6 +185,7 @@ The maximum number of nodes for auto-scaling. ### Parameter: `maxPods` The maximum number of pods that can run on a node. + - Required: No - Type: int - Default: `-1` @@ -173,6 +193,7 @@ The maximum number of pods that can run on a node. ### Parameter: `maxSurge` This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If a percentage is specified, it is the percentage of the total agent pool size at the time of the upgrade. For percentages, fractional nodes are rounded up. If not specified, the default is 1. For more information, including best practices, see: /azure/aks/upgrade-cluster#customize-node-surge-upgrade. + - Required: No - Type: string - Default: `''` @@ -180,6 +201,7 @@ This can either be set to an integer (e.g. "5") or a percentage (e.g. "50%"). If ### Parameter: `minCount` The minimum number of nodes for auto-scaling. + - Required: No - Type: int - Default: `-1` @@ -187,19 +209,15 @@ The minimum number of nodes for auto-scaling. ### Parameter: `mode` A cluster must have at least one "System" Agent Pool at all times. For additional information on agent pool restrictions and best practices, see: /azure/aks/use-system-pools. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -Name of the agent pool. -- Required: Yes -- Type: string - ### Parameter: `nodeLabels` The node labels to be persisted across all nodes in agent pool. + - Required: No - Type: object - Default: `{}` @@ -207,6 +225,7 @@ The node labels to be persisted across all nodes in agent pool. ### Parameter: `nodePublicIpPrefixId` ResourceId of the node PublicIPPrefix. + - Required: No - Type: string - Default: `''` @@ -214,6 +233,7 @@ ResourceId of the node PublicIPPrefix. ### Parameter: `nodeTaints` The taints added to new nodes during node pool create and scale. For example, key=value:NoSchedule. + - Required: No - Type: array - Default: `[]` @@ -221,6 +241,7 @@ The taints added to new nodes during node pool create and scale. For example, ke ### Parameter: `orchestratorVersion` As a best practice, you should upgrade all node pools in an AKS cluster to the same Kubernetes version. The node pool version must have the same major version as the control plane. The node pool minor version must be within two minor versions of the control plane version. The node pool version cannot be greater than the control plane version. For more information see upgrading a node pool (https://learn.microsoft.com/en-us/azure/aks/use-multiple-node-pools#upgrade-a-node-pool). + - Required: No - Type: string - Default: `''` @@ -228,6 +249,7 @@ As a best practice, you should upgrade all node pools in an AKS cluster to the s ### Parameter: `osDiskSizeGB` OS Disk Size in GB to be used to specify the disk size for every machine in the master/agent pool. If you specify 0, it will apply the default osDisk size according to the vmSize specified. + - Required: No - Type: int - Default: `0` @@ -235,6 +257,7 @@ OS Disk Size in GB to be used to specify the disk size for every machine in the ### Parameter: `osDiskType` The default is "Ephemeral" if the VM supports it and has a cache disk larger than the requested OSDiskSizeGB. Otherwise, defaults to "Managed". May not be changed after creation. For more information see Ephemeral OS (https://learn.microsoft.com/en-us/azure/aks/cluster-configuration#ephemeral-os). + - Required: No - Type: string - Default: `''` @@ -250,6 +273,7 @@ The default is "Ephemeral" if the VM supports it and has a cache disk larger tha ### Parameter: `osSku` Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is Linux. The default is Windows2019 when Kubernetes <= 1.24 or Windows2022 when Kubernetes >= 1.25 if OSType is Windows. + - Required: No - Type: string - Default: `''` @@ -268,6 +292,7 @@ Specifies the OS SKU used by the agent pool. The default is Ubuntu if OSType is ### Parameter: `osType` The operating system type. The default is Linux. + - Required: No - Type: string - Default: `'Linux'` @@ -282,6 +307,7 @@ The operating system type. The default is Linux. ### Parameter: `podSubnetId` Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the node subnet (see vnetSubnetID for more details). This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. + - Required: No - Type: string - Default: `''` @@ -289,6 +315,7 @@ Subnet ID for the pod IPs. If omitted, pod IPs are statically assigned on the no ### Parameter: `proximityPlacementGroupResourceId` The ID for the Proximity Placement Group. + - Required: No - Type: string - Default: `''` @@ -296,6 +323,7 @@ The ID for the Proximity Placement Group. ### Parameter: `scaleDownMode` Describes how VMs are added to or removed from Agent Pools. See billing states (https://learn.microsoft.com/en-us/azure/virtual-machines/states-billing). + - Required: No - Type: string - Default: `'Delete'` @@ -310,6 +338,7 @@ Describes how VMs are added to or removed from Agent Pools. See billing states ( ### Parameter: `scaleSetEvictionPolicy` The eviction policy specifies what to do with the VM when it is evicted. The default is Delete. For more information about eviction see spot VMs. + - Required: No - Type: string - Default: `'Delete'` @@ -324,6 +353,7 @@ The eviction policy specifies what to do with the VM when it is evicted. The def ### Parameter: `scaleSetPriority` The Virtual Machine Scale Set priority. + - Required: No - Type: string - Default: `''` @@ -339,6 +369,7 @@ The Virtual Machine Scale Set priority. ### Parameter: `sourceResourceId` This is the ARM ID of the source object to be used to create the target object. + - Required: No - Type: string - Default: `''` @@ -346,6 +377,7 @@ This is the ARM ID of the source object to be used to create the target object. ### Parameter: `spotMaxPrice` Possible values are any decimal value greater than zero or -1 which indicates the willingness to pay any on-demand price. For more details on spot pricing, see spot VMs pricing (https://learn.microsoft.com/en-us/azure/virtual-machines/spot-vms#pricing). + - Required: No - Type: int - Default: `-1` @@ -353,12 +385,14 @@ Possible values are any decimal value greater than zero or -1 which indicates th ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `type` The type of Agent Pool. + - Required: No - Type: string - Default: `''` @@ -366,6 +400,7 @@ The type of Agent Pool. ### Parameter: `vmSize` VM size. VM size availability varies by region. If a node contains insufficient compute resources (memory, cpu, etc) pods might fail to run correctly. For more details on restricted VM sizes, see: /azure/aks/quotas-skus-regions. + - Required: No - Type: string - Default: `'Standard_D2s_v3'` @@ -373,6 +408,7 @@ VM size. VM size availability varies by region. If a node contains insufficient ### Parameter: `vnetSubnetId` Node Subnet ID. If this is not specified, a VNET and subnet will be generated and used. If no podSubnetID is specified, this applies to nodes and pods, otherwise it applies to just nodes. This is of the form: /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{virtualNetworkName}/subnets/{subnetName}. + - Required: No - Type: string - Default: `''` @@ -380,6 +416,7 @@ Node Subnet ID. If this is not specified, a VNET and subnet will be generated an ### Parameter: `workloadRuntime` Determines the type of workload a node can run. + - Required: No - Type: string - Default: `''` diff --git a/modules/data-factory/factory/README.md b/modules/data-factory/factory/README.md index c04ef52978..dd0ad74ada 100644 --- a/modules/data-factory/factory/README.md +++ b/modules/data-factory/factory/README.md @@ -618,44 +618,58 @@ module factory 'br:bicep/modules/data-factory.factory:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Azure Factory to create. + +- Required: Yes +- Type: string + ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -663,114 +677,90 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -778,6 +768,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -785,6 +776,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `gitAccountName` The account name. + - Required: No - Type: string - Default: `''` @@ -792,6 +784,7 @@ The account name. ### Parameter: `gitCollaborationBranch` The collaboration branch name. Default is 'main'. + - Required: No - Type: string - Default: `'main'` @@ -799,6 +792,7 @@ The collaboration branch name. Default is 'main'. ### Parameter: `gitConfigureLater` Boolean to define whether or not to configure git during template deployment. + - Required: No - Type: bool - Default: `True` @@ -806,6 +800,7 @@ Boolean to define whether or not to configure git during template deployment. ### Parameter: `gitDisablePublish` Disable manual publish operation in ADF studio to favor automated publish. + - Required: No - Type: bool - Default: `False` @@ -813,6 +808,7 @@ Disable manual publish operation in ADF studio to favor automated publish. ### Parameter: `gitHostName` The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for 'FactoryGitHubConfiguration'. + - Required: No - Type: string - Default: `''` @@ -820,6 +816,7 @@ The GitHub Enterprise Server host (prefixed with 'https://'). Only relevant for ### Parameter: `gitProjectName` The project name. Only relevant for 'FactoryVSTSConfiguration'. + - Required: No - Type: string - Default: `''` @@ -827,6 +824,7 @@ The project name. Only relevant for 'FactoryVSTSConfiguration'. ### Parameter: `gitRepositoryName` The repository name. + - Required: No - Type: string - Default: `''` @@ -834,6 +832,7 @@ The repository name. ### Parameter: `gitRepoType` Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfiguration'. Default is 'FactoryVSTSConfiguration'. + - Required: No - Type: string - Default: `'FactoryVSTSConfiguration'` @@ -841,6 +840,7 @@ Repository type - can be 'FactoryVSTSConfiguration' or 'FactoryGitHubConfigurati ### Parameter: `gitRootFolder` The root folder path name. Default is '/'. + - Required: No - Type: string - Default: `'/'` @@ -848,6 +848,7 @@ The root folder path name. Default is '/'. ### Parameter: `globalParameters` List of Global Parameters for the factory. + - Required: No - Type: object - Default: `{}` @@ -855,6 +856,7 @@ List of Global Parameters for the factory. ### Parameter: `integrationRuntimes` An array of objects for the configuration of an Integration Runtime. + - Required: No - Type: array - Default: `[]` @@ -862,6 +864,7 @@ An array of objects for the configuration of an Integration Runtime. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -869,26 +872,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -896,25 +908,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -922,6 +936,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managedPrivateEndpoints` An array of managed private endpoints objects created in the Data Factory managed virtual network. + - Required: No - Type: array - Default: `[]` @@ -929,210 +944,255 @@ An array of managed private endpoints objects created in the Data Factory manage ### Parameter: `managedVirtualNetworkName` The name of the Managed Virtual Network. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the Azure Factory to create. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration Details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1140,6 +1200,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1155,74 +1216,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/data-factory/factory/integration-runtime/README.md b/modules/data-factory/factory/integration-runtime/README.md index 0e9de57341..1db7d93a4e 100644 --- a/modules/data-factory/factory/integration-runtime/README.md +++ b/modules/data-factory/factory/integration-runtime/README.md @@ -39,15 +39,38 @@ This module deploys a Data Factory Managed or Self-Hosted Integration Runtime. | [`managedVirtualNetworkName`](#parameter-managedvirtualnetworkname) | string | The name of the Managed Virtual Network if using type "Managed" . | | [`typeProperties`](#parameter-typeproperties) | object | Integration Runtime type properties. Required if type is "Managed". | +### Parameter: `name` + +The name of the Integration Runtime. + +- Required: Yes +- Type: string + +### Parameter: `type` + +The type of Integration Runtime. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Managed' + 'SelfHosted' + ] + ``` + ### Parameter: `dataFactoryName` The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -55,32 +78,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `managedVirtualNetworkName` The name of the Managed Virtual Network if using type "Managed" . + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the Integration Runtime. -- Required: Yes -- Type: string - -### Parameter: `type` - -The type of Integration Runtime. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Managed' - 'SelfHosted' - ] - ``` - ### Parameter: `typeProperties` Integration Runtime type properties. Required if type is "Managed". + - Required: No - Type: object - Default: `{}` diff --git a/modules/data-factory/factory/managed-virtual-network/README.md b/modules/data-factory/factory/managed-virtual-network/README.md index 59b92e31fe..a22063ff97 100644 --- a/modules/data-factory/factory/managed-virtual-network/README.md +++ b/modules/data-factory/factory/managed-virtual-network/README.md @@ -38,15 +38,24 @@ This module deploys a Data Factory Managed Virtual Network. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`managedPrivateEndpoints`](#parameter-managedprivateendpoints) | array | An array of managed private endpoints objects created in the Data Factory managed virtual network. | +### Parameter: `name` + +The name of the Managed Virtual Network. + +- Required: Yes +- Type: string + ### Parameter: `dataFactoryName` The name of the parent Azure Data Factory. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -54,16 +63,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `managedPrivateEndpoints` An array of managed private endpoints objects created in the Data Factory managed virtual network. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The name of the Managed Virtual Network. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md index 8d1265830d..dbffcad961 100644 --- a/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md +++ b/modules/data-factory/factory/managed-virtual-network/managed-private-endpoint/README.md @@ -39,49 +39,56 @@ This module deploys a Data Factory Managed Virtual Network Managed Private Endpo | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `dataFactoryName` - -The name of the parent data factory. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `fqdns` Fully qualified domain names. + - Required: Yes - Type: array ### Parameter: `groupId` The groupId to which the managed private endpoint is created. + - Required: Yes - Type: string ### Parameter: `managedVirtualNetworkName` The name of the parent managed virtual network. + - Required: Yes - Type: string ### Parameter: `name` The managed private endpoint resource name. + - Required: Yes - Type: string ### Parameter: `privateLinkResourceId` The ARM resource ID of the resource to which the managed private endpoint is created. + +- Required: Yes +- Type: string + +### Parameter: `dataFactoryName` + +The name of the parent data factory. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/data-protection/backup-vault/README.md b/modules/data-protection/backup-vault/README.md index 6ade55fb30..3744f13387 100644 --- a/modules/data-protection/backup-vault/README.md +++ b/modules/data-protection/backup-vault/README.md @@ -558,9 +558,17 @@ module backupVault 'br:bicep/modules/data-protection.backup-vault:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. | | [`type`](#parameter-type) | string | The vault redundancy level to use. | +### Parameter: `name` + +Name of the Backup Vault. + +- Required: Yes +- Type: string + ### Parameter: `azureMonitorAlertSettingsAlertsForAllJobFailures` Settings for Azure Monitor based alerts for job failures. + - Required: No - Type: string - Default: `'Enabled'` @@ -575,6 +583,7 @@ Settings for Azure Monitor based alerts for job failures. ### Parameter: `backupPolicies` List of all backup policies. + - Required: No - Type: array - Default: `[]` @@ -582,6 +591,7 @@ List of all backup policies. ### Parameter: `dataStoreType` The datastore type to use. ArchiveStore does not support ZoneRedundancy. + - Required: No - Type: string - Default: `'VaultStore'` @@ -597,6 +607,7 @@ The datastore type to use. ArchiveStore does not support ZoneRedundancy. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -604,6 +615,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `featureSettings` Feature settings for the backup vault. + - Required: No - Type: object - Default: `{}` @@ -611,6 +623,7 @@ Feature settings for the backup vault. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -618,26 +631,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -645,98 +667,116 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool -### Parameter: `name` - -Name of the Backup Vault. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securitySettings` Security settings for the backup vault. + - Required: No - Type: object - Default: `{}` @@ -744,12 +784,14 @@ Security settings for the backup vault. ### Parameter: `tags` Tags of the Recovery Service Vault resource. + - Required: No - Type: object ### Parameter: `type` The vault redundancy level to use. + - Required: No - Type: string - Default: `'GeoRedundant'` diff --git a/modules/data-protection/backup-vault/backup-policy/README.md b/modules/data-protection/backup-vault/backup-policy/README.md index 07cfc9da89..990af9e3de 100644 --- a/modules/data-protection/backup-vault/backup-policy/README.md +++ b/modules/data-protection/backup-vault/backup-policy/README.md @@ -35,12 +35,14 @@ This module deploys a Data Protection Backup Vault Backup Policy. ### Parameter: `backupVaultName` The name of the backup vault. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -48,6 +50,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` The name of the backup policy. + - Required: No - Type: string - Default: `'DefaultPolicy'` @@ -55,6 +58,7 @@ The name of the backup policy. ### Parameter: `properties` The properties of the backup policy. + - Required: No - Type: object - Default: `{}` diff --git a/modules/databricks/access-connector/README.md b/modules/databricks/access-connector/README.md index 02ebe4193a..ba68a44a37 100644 --- a/modules/databricks/access-connector/README.md +++ b/modules/databricks/access-connector/README.md @@ -310,9 +310,17 @@ module accessConnector 'br:bicep/modules/databricks.access-connector:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Azure Databricks access connector to create. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -320,6 +328,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -327,26 +336,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -354,106 +372,124 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the Azure Databricks access connector to create. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/databricks/workspace/README.md b/modules/databricks/workspace/README.md index a41556f10d..a6502ad9f6 100644 --- a/modules/databricks/workspace/README.md +++ b/modules/databricks/workspace/README.md @@ -619,9 +619,17 @@ module workspace 'br:bicep/modules/databricks.workspace:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vnetAddressPrefix`](#parameter-vnetaddressprefix) | string | Address prefix for Managed virtual network. | +### Parameter: `name` + +The name of the Azure Databricks workspace to create. + +- Required: Yes +- Type: string + ### Parameter: `amlWorkspaceResourceId` The resource ID of a Azure Machine Learning workspace to link with Databricks workspace. + - Required: No - Type: string - Default: `''` @@ -629,41 +637,48 @@ The resource ID of a Azure Machine Learning workspace to link with Databricks wo ### Parameter: `customerManagedKey` The customer managed key definition to use for the managed service. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -671,49 +686,56 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `customerManagedKeyManagedDisk` The customer managed key definition to use for the managed disk. + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeymanageddiskkeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeymanageddiskkeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeymanageddiskkeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeymanageddiskkeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeymanageddiskkeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`rotationToLatestKeyVersionEnabled`](#parameter-customermanagedkeymanageddiskrotationtolatestkeyversionenabled) | No | bool | Optional. Indicate whether the latest key version should be automatically used for Managed Disk Encryption. Enabled by default. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeymanageddiskuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeymanageddiskkeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`rotationToLatestKeyVersionEnabled`](#parameter-customermanagedkeymanageddiskrotationtolatestkeyversionenabled) | bool | Indicate whether the latest key version should be automatically used for Managed Disk Encryption. Enabled by default. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeymanageddiskuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKeyManagedDisk.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKeyManagedDisk.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKeyManagedDisk.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKeyManagedDisk.rotationToLatestKeyVersionEnabled` -Optional. Indicate whether the latest key version should be automatically used for Managed Disk Encryption. Enabled by default. +Indicate whether the latest key version should be automatically used for Managed Disk Encryption. Enabled by default. - Required: No - Type: bool ### Parameter: `customerManagedKeyManagedDisk.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -721,6 +743,7 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `customPrivateSubnetName` The name of the Private Subnet within the Virtual Network. + - Required: No - Type: string - Default: `''` @@ -728,6 +751,7 @@ The name of the Private Subnet within the Virtual Network. ### Parameter: `customPublicSubnetName` The name of a Public Subnet within the Virtual Network. + - Required: No - Type: string - Default: `''` @@ -735,6 +759,7 @@ The name of a Public Subnet within the Virtual Network. ### Parameter: `customVirtualNetworkResourceId` The resource ID of a Virtual Network where this Databricks Cluster should be created. + - Required: No - Type: string - Default: `''` @@ -742,94 +767,82 @@ The resource ID of a Virtual Network where this Databricks Cluster should be cre ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -837,6 +850,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disablePublicIp` Disable Public IP. + - Required: No - Type: bool - Default: `False` @@ -844,6 +858,7 @@ Disable Public IP. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -851,6 +866,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `loadBalancerBackendPoolName` Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity (No Public IP). + - Required: No - Type: string - Default: `''` @@ -858,6 +874,7 @@ Name of the outbound Load Balancer Backend Pool for Secure Cluster Connectivity ### Parameter: `loadBalancerResourceId` Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Public IP) workspace. + - Required: No - Type: string - Default: `''` @@ -865,6 +882,7 @@ Resource URI of Outbound Load balancer for Secure Cluster Connectivity (No Publi ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -872,26 +890,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -899,19 +926,15 @@ Optional. Specify the name of lock. ### Parameter: `managedResourceGroupResourceId` The managed resource group ID. It is created by the module as per the to-be resource ID you provide. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the Azure Databricks workspace to create. -- Required: Yes -- Type: string - ### Parameter: `natGatewayName` Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace subnets. + - Required: No - Type: string - Default: `''` @@ -919,6 +942,7 @@ Name of the NAT gateway for Secure Cluster Connectivity (No Public IP) workspace ### Parameter: `prepareEncryption` Prepare the workspace for encryption. Enables the Managed Identity for managed storage account. + - Required: No - Type: bool - Default: `False` @@ -926,197 +950,247 @@ Prepare the workspace for encryption. Enables the Managed Identity for managed s ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -Optional. Application security groups in which the private endpoint IP configuration is included. +**Optional parameters** -- Required: No -- Type: array +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -### Parameter: `privateEndpoints.customDnsConfigs` +### Parameter: `privateEndpoints.subnetResourceId` -Optional. Custom DNS configurations. +Resource ID of the subnet where the endpoint needs to be created. -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1124,6 +1198,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicIpName` Name of the Public IP for No Public IP workspace with managed vNet. + - Required: No - Type: string - Default: `''` @@ -1131,6 +1206,7 @@ Name of the Public IP for No Public IP workspace with managed vNet. ### Parameter: `publicNetworkAccess` The network access type for accessing workspace. Set value to disabled to access workspace only via private link. + - Required: No - Type: string - Default: `'Enabled'` @@ -1145,6 +1221,7 @@ Name of the Public IP for No Public IP workspace with managed vNet. ### Parameter: `requiredNsgRules` Gets or sets a value indicating whether data plane (clusters) to control plane communication happen over private endpoint. + - Required: No - Type: string - Default: `'AllRules'` @@ -1159,6 +1236,7 @@ Gets or sets a value indicating whether data plane (clusters) to control plane c ### Parameter: `requireInfrastructureEncryption` A boolean indicating whether or not the DBFS root file system will be enabled with secondary layer of encryption with platform managed keys for data at rest. + - Required: No - Type: bool - Default: `False` @@ -1166,74 +1244,96 @@ A boolean indicating whether or not the DBFS root file system will be enabled wi ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` The pricing tier of workspace. + - Required: No - Type: string - Default: `'premium'` @@ -1249,6 +1349,7 @@ The pricing tier of workspace. ### Parameter: `storageAccountName` Default DBFS storage account name. + - Required: No - Type: string - Default: `''` @@ -1256,6 +1357,7 @@ Default DBFS storage account name. ### Parameter: `storageAccountSkuName` Storage account SKU name. + - Required: No - Type: string - Default: `'Standard_GRS'` @@ -1263,12 +1365,14 @@ Storage account SKU name. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `vnetAddressPrefix` Address prefix for Managed virtual network. + - Required: No - Type: string - Default: `'10.139'` diff --git a/modules/db-for-my-sql/flexible-server/README.md b/modules/db-for-my-sql/flexible-server/README.md index 4d655aab35..bdbfbf4aa1 100644 --- a/modules/db-for-my-sql/flexible-server/README.md +++ b/modules/db-for-my-sql/flexible-server/README.md @@ -639,9 +639,98 @@ module flexibleServer 'br:bicep/modules/db-for-my-sql.flexible-server:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`version`](#parameter-version) | string | MySQL Server version. | +### Parameter: `name` + +The name of the MySQL flexible server. + +- Required: Yes +- Type: string + +### Parameter: `skuName` + +The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. + +- Required: Yes +- Type: string + +### Parameter: `tier` + +The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Burstable' + 'GeneralPurpose' + 'MemoryOptimized' + ] + ``` + +### Parameter: `managedIdentities` + +The managed identity definition for this resource. Required if 'customerManagedKey' is not empty. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | + +### Parameter: `managedIdentities.userAssignedResourceIds` + +The resource ID(s) to assign to the resource. + +- Required: Yes +- Type: array + +### Parameter: `privateDnsZoneResourceId` + +Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `restorePointInTime` + +Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceServerResourceId` + +The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageAutoGrow` + +Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". + +- Required: No +- Type: string +- Default: `'Disabled'` +- Allowed: + ```Bicep + [ + 'Disabled' + 'Enabled' + ] + ``` + ### Parameter: `administratorLogin` The administrator login name of a server. Can only be specified when the MySQL server is being created. + - Required: No - Type: string - Default: `''` @@ -649,6 +738,7 @@ The administrator login name of a server. Can only be specified when the MySQL s ### Parameter: `administratorLoginPassword` The administrator login password. + - Required: No - Type: securestring - Default: `''` @@ -656,6 +746,7 @@ The administrator login password. ### Parameter: `administrators` The Azure AD administrators when AAD authentication enabled. + - Required: No - Type: array - Default: `[]` @@ -663,6 +754,7 @@ The Azure AD administrators when AAD authentication enabled. ### Parameter: `availabilityZone` Availability zone information of the server. Default will have no preference set. + - Required: No - Type: string - Default: `''` @@ -679,6 +771,7 @@ Availability zone information of the server. Default will have no preference set ### Parameter: `backupRetentionDays` Backup retention days for the server. + - Required: No - Type: int - Default: `7` @@ -686,6 +779,7 @@ Backup retention days for the server. ### Parameter: `createMode` The mode to create a new MySQL server. + - Required: No - Type: string - Default: `'Default'` @@ -702,90 +796,105 @@ The mode to create a new MySQL server. ### Parameter: `customerManagedKey` The customer managed key definition to use for the managed service. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | Yes | string | Required. User assigned identity to use when fetching the customer managed key. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string -### Parameter: `customerManagedKey.keyVersion` +### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +User assigned identity to use when fetching the customer managed key. -- Required: No +- Required: Yes - Type: string -### Parameter: `customerManagedKey.userAssignedIdentityResourceId` +### Parameter: `customerManagedKey.keyVersion` -Required. User assigned identity to use when fetching the customer managed key. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. -- Required: Yes +- Required: No - Type: string ### Parameter: `customerManagedKeyGeo` The customer managed key definition to use when geoRedundantBackup is "Enabled". + - Required: No - Type: object +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeygeokeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeygeokeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeygeouserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeygeokeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeygeokeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeygeokeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeygeouserassignedidentityresourceid) | Yes | string | Required. User assigned identity to use when fetching the customer managed key. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeygeokeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | ### Parameter: `customerManagedKeyGeo.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKeyGeo.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string -### Parameter: `customerManagedKeyGeo.keyVersion` +### Parameter: `customerManagedKeyGeo.userAssignedIdentityResourceId` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +User assigned identity to use when fetching the customer managed key. -- Required: No +- Required: Yes - Type: string -### Parameter: `customerManagedKeyGeo.userAssignedIdentityResourceId` +### Parameter: `customerManagedKeyGeo.keyVersion` -Required. User assigned identity to use when fetching the customer managed key. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. -- Required: Yes +- Required: No - Type: string ### Parameter: `databases` The databases to create in the server. + - Required: No - Type: array - Default: `[]` @@ -793,6 +902,7 @@ The databases to create in the server. ### Parameter: `delegatedSubnetResourceId` Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. Delegation must be enabled on the subnet for MySQL Flexible Servers and subnet CIDR size is /29. + - Required: No - Type: string - Default: `''` @@ -800,114 +910,90 @@ Delegated subnet arm resource ID. Used when the desired connectivity mode is "Pr ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -915,6 +1001,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -922,6 +1009,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `firewallRules` The firewall rules to create in the MySQL flexible server. + - Required: No - Type: array - Default: `[]` @@ -929,6 +1017,7 @@ The firewall rules to create in the MySQL flexible server. ### Parameter: `geoRedundantBackup` A value indicating whether Geo-Redundant backup is enabled on the server. If "Enabled" and "cMKKeyName" is not empty, then "geoBackupCMKKeyVaultResourceId" and "cMKUserAssignedIdentityResourceId" are also required. + - Required: No - Type: string - Default: `'Disabled'` @@ -943,6 +1032,7 @@ A value indicating whether Geo-Redundant backup is enabled on the server. If "En ### Parameter: `highAvailability` The mode for High Availability (HA). It is not supported for the Burstable pricing tier and Zone redundant HA can only be set during server provisioning. + - Required: No - Type: string - Default: `'Disabled'` @@ -958,6 +1048,7 @@ The mode for High Availability (HA). It is not supported for the Burstable prici ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -965,26 +1056,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -992,44 +1092,15 @@ Optional. Specify the name of lock. ### Parameter: `maintenanceWindow` Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `managedIdentities` -The managed identity definition for this resource. Required if 'customerManagedKey' is not empty. - Required: No - Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | - -### Parameter: `managedIdentities.userAssignedResourceIds` - -Optional. The resource ID(s) to assign to the resource. - -- Required: Yes -- Type: array - -### Parameter: `name` - -The name of the MySQL flexible server. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneResourceId` - -Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access". Required if "delegatedSubnetResourceId" is used and the Private DNS Zone name must end with mysql.database.azure.com in order to be linked to the MySQL Flexible Server. -- Required: No -- Type: string -- Default: `''` +- Default: `{}` ### Parameter: `replicationRole` The replication role. + - Required: No - Type: string - Default: `'None'` @@ -1042,111 +1113,99 @@ The replication role. ] ``` -### Parameter: `restorePointInTime` - -Restore point creation time (ISO8601 format), specifying the time to restore from. Required if "createMode" is set to "PointInTimeRestore". -- Required: No -- Type: string -- Default: `''` - ### Parameter: `roleAssignments` Array of role assignment objects that contain the "roleDefinitionIdOrName" and "principalId" to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11". + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` - -Required. The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.conditionVersion` -Optional. The principal type of the assigned principal ID. +Version of the condition. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `skuName` - -The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. -- Required: Yes -- Type: string +### Parameter: `roleAssignments.description` -### Parameter: `sourceServerResourceId` +The description of the role assignment. -The source MySQL server ID. Required if "createMode" is set to "PointInTimeRestore". - Required: No - Type: string -- Default: `''` -### Parameter: `storageAutoGrow` +### Parameter: `roleAssignments.principalType` + +The principal type of the assigned principal ID. -Enable Storage Auto Grow or not. Storage auto-growth prevents a server from running out of storage and becoming read-only. Required if "highAvailability" is not "Disabled". - Required: No - Type: string -- Default: `'Disabled'` - Allowed: ```Bicep [ - 'Disabled' - 'Enabled' + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' ] ``` ### Parameter: `storageAutoIoScaling` Enable IO Auto Scaling or not. The server scales IOPs up or down automatically depending on your workload needs. + - Required: No - Type: string - Default: `'Disabled'` @@ -1161,6 +1220,7 @@ Enable IO Auto Scaling or not. The server scales IOPs up or down automatically d ### Parameter: `storageIOPS` Storage IOPS for a server. Max IOPS are determined by compute size. + - Required: No - Type: int - Default: `1000` @@ -1168,6 +1228,7 @@ Storage IOPS for a server. Max IOPS are determined by compute size. ### Parameter: `storageSizeGB` Max storage allowed for a server. In all compute tiers, the minimum storage supported is 20 GiB and maximum is 16 TiB. + - Required: No - Type: int - Default: `64` @@ -1191,26 +1252,14 @@ Max storage allowed for a server. In all compute tiers, the minimum storage supp ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `tier` - -The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Burstable' - 'GeneralPurpose' - 'MemoryOptimized' - ] - ``` - ### Parameter: `version` MySQL Server version. + - Required: No - Type: string - Default: `'5.7'` diff --git a/modules/db-for-my-sql/flexible-server/administrator/README.md b/modules/db-for-my-sql/flexible-server/administrator/README.md index 247e680d29..827b434ef7 100644 --- a/modules/db-for-my-sql/flexible-server/administrator/README.md +++ b/modules/db-for-my-sql/flexible-server/administrator/README.md @@ -39,47 +39,54 @@ This module deploys a DBforMySQL Flexible Server Administrator. | [`location`](#parameter-location) | string | Location for all resources. | | [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `identityResourceId` -### Parameter: `flexibleServerName` +The resource ID of the identity used for AAD Authentication. -The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `identityResourceId` +### Parameter: `login` + +Login name of the server administrator. -The resource ID of the identity used for AAD Authentication. - Required: Yes - Type: string -### Parameter: `location` +### Parameter: `sid` -Location for all resources. -- Required: No +SID (object ID) of the server administrator. + +- Required: Yes - Type: string -- Default: `[resourceGroup().location]` -### Parameter: `login` +### Parameter: `flexibleServerName` + +The name of the parent DBforMySQL flexible server. Required if the template is used in a standalone deployment. -Login name of the server administrator. - Required: Yes - Type: string -### Parameter: `sid` +### Parameter: `enableDefaultTelemetry` -SID (object ID) of the server administrator. -- Required: Yes +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. + +- Required: No - Type: string +- Default: `[resourceGroup().location]` ### Parameter: `tenantId` The tenantId of the Active Directory administrator. + - Required: No - Type: string - Default: `[tenant().tenantId]` diff --git a/modules/db-for-my-sql/flexible-server/database/README.md b/modules/db-for-my-sql/flexible-server/database/README.md index f2cced0ae4..4bcb034a0b 100644 --- a/modules/db-for-my-sql/flexible-server/database/README.md +++ b/modules/db-for-my-sql/flexible-server/database/README.md @@ -38,9 +38,24 @@ This module deploys a DBforMySQL Flexible Server Database. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | +### Parameter: `name` + +The name of the database. + +- Required: Yes +- Type: string + +### Parameter: `flexibleServerName` + +The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `charset` The charset of the database. + - Required: No - Type: string - Default: `'utf8_general_ci'` @@ -48,6 +63,7 @@ The charset of the database. ### Parameter: `collation` The collation of the database. + - Required: No - Type: string - Default: `'utf8'` @@ -55,29 +71,19 @@ The collation of the database. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `flexibleServerName` - -The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the database. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md index ee7be0779a..593969aa25 100644 --- a/modules/db-for-my-sql/flexible-server/firewall-rule/README.md +++ b/modules/db-for-my-sql/flexible-server/firewall-rule/README.md @@ -37,37 +37,42 @@ This module deploys a DBforMySQL Flexible Server Firewall Rule. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `endIpAddress` The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. -- Required: Yes -- Type: string - -### Parameter: `flexibleServerName` -The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. - Required: Yes - Type: string ### Parameter: `name` The name of the MySQL flexible server Firewall Rule. + - Required: Yes - Type: string ### Parameter: `startIpAddress` The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. + - Required: Yes - Type: string +### Parameter: `flexibleServerName` + +The name of the parent MySQL flexible server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/db-for-postgre-sql/flexible-server/README.md b/modules/db-for-postgre-sql/flexible-server/README.md index 30ebf9dba0..eb3ff48630 100644 --- a/modules/db-for-postgre-sql/flexible-server/README.md +++ b/modules/db-for-postgre-sql/flexible-server/README.md @@ -549,9 +549,75 @@ module flexibleServer 'br:bicep/modules/db-for-postgre-sql.flexible-server:1.0.0 | [`tenantId`](#parameter-tenantid) | string | Tenant id of the server. | | [`version`](#parameter-version) | string | PostgreSQL Server version. | +### Parameter: `name` + +The name of the PostgreSQL flexible server. + +- Required: Yes +- Type: string + +### Parameter: `skuName` + +The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. + +- Required: Yes +- Type: string + +### Parameter: `tier` + +The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Burstable' + 'GeneralPurpose' + 'MemoryOptimized' + ] + ``` + +### Parameter: `managedIdentities` + +The managed identity definition for this resource. Required if 'cMKKeyName' is not empty. + +- Required: No +- Type: object + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | + +### Parameter: `managedIdentities.userAssignedResourceIds` + +The resource ID(s) to assign to the resource. + +- Required: Yes +- Type: array + +### Parameter: `pointInTimeUTC` + +Required if "createMode" is set to "PointInTimeRestore". + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceServerResourceId` + +Required if "createMode" is set to "PointInTimeRestore". + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `activeDirectoryAuth` If Enabled, Azure Active Directory authentication is enabled. + - Required: No - Type: string - Default: `'Enabled'` @@ -566,6 +632,7 @@ If Enabled, Azure Active Directory authentication is enabled. ### Parameter: `administratorLogin` The administrator login name of a server. Can only be specified when the PostgreSQL server is being created. + - Required: No - Type: string - Default: `''` @@ -573,6 +640,7 @@ The administrator login name of a server. Can only be specified when the Postgre ### Parameter: `administratorLoginPassword` The administrator login password. + - Required: No - Type: securestring - Default: `''` @@ -580,6 +648,7 @@ The administrator login password. ### Parameter: `administrators` The Azure AD administrators when AAD authentication enabled. + - Required: No - Type: array - Default: `[]` @@ -587,6 +656,7 @@ The Azure AD administrators when AAD authentication enabled. ### Parameter: `availabilityZone` Availability zone information of the server. Default will have no preference set. + - Required: No - Type: string - Default: `''` @@ -603,6 +673,7 @@ Availability zone information of the server. Default will have no preference set ### Parameter: `backupRetentionDays` Backup retention days for the server. + - Required: No - Type: int - Default: `7` @@ -610,6 +681,7 @@ Backup retention days for the server. ### Parameter: `configurations` The configurations to create in the server. + - Required: No - Type: array - Default: `[]` @@ -617,6 +689,7 @@ The configurations to create in the server. ### Parameter: `createMode` The mode to create a new PostgreSQL server. + - Required: No - Type: string - Default: `'Default'` @@ -633,48 +706,56 @@ The mode to create a new PostgreSQL server. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | Yes | string | Required. User assigned identity to use when fetching the customer managed key. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string -### Parameter: `customerManagedKey.keyVersion` +### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +User assigned identity to use when fetching the customer managed key. -- Required: No +- Required: Yes - Type: string -### Parameter: `customerManagedKey.userAssignedIdentityResourceId` +### Parameter: `customerManagedKey.keyVersion` -Required. User assigned identity to use when fetching the customer managed key. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. -- Required: Yes +- Required: No - Type: string ### Parameter: `databases` The databases to create in the server. + - Required: No - Type: array - Default: `[]` @@ -682,6 +763,7 @@ The databases to create in the server. ### Parameter: `delegatedSubnetResourceId` Delegated subnet arm resource ID. Used when the desired connectivity mode is "Private Access" - virtual network integration. + - Required: No - Type: string - Default: `''` @@ -689,114 +771,90 @@ Delegated subnet arm resource ID. Used when the desired connectivity mode is "Pr ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -804,6 +862,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -811,6 +870,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `firewallRules` The firewall rules to create in the PostgreSQL flexible server. + - Required: No - Type: array - Default: `[]` @@ -818,6 +878,7 @@ The firewall rules to create in the PostgreSQL flexible server. ### Parameter: `geoRedundantBackup` A value indicating whether Geo-Redundant backup is enabled on the server. Should be left disabled if 'cMKKeyName' is not empty. + - Required: No - Type: string - Default: `'Disabled'` @@ -832,6 +893,7 @@ A value indicating whether Geo-Redundant backup is enabled on the server. Should ### Parameter: `highAvailability` The mode for high availability. + - Required: No - Type: string - Default: `'Disabled'` @@ -847,6 +909,7 @@ The mode for high availability. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -854,26 +917,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -881,37 +953,15 @@ Optional. Specify the name of lock. ### Parameter: `maintenanceWindow` Properties for the maintenence window. If provided, "customWindow" property must exist and set to "Enabled". -- Required: No -- Type: object -- Default: `{}` - -### Parameter: `managedIdentities` -The managed identity definition for this resource. Required if 'cMKKeyName' is not empty. - Required: No - Type: object - - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | - -### Parameter: `managedIdentities.userAssignedResourceIds` - -Optional. The resource ID(s) to assign to the resource. - -- Required: Yes -- Type: array - -### Parameter: `name` - -The name of the PostgreSQL flexible server. -- Required: Yes -- Type: string +- Default: `{}` ### Parameter: `passwordAuth` If Enabled, password authentication is enabled. + - Required: No - Type: string - Default: `'Disabled'` @@ -923,16 +973,10 @@ If Enabled, password authentication is enabled. ] ``` -### Parameter: `pointInTimeUTC` - -Required if "createMode" is set to "PointInTimeRestore". -- Required: No -- Type: string -- Default: `''` - ### Parameter: `privateDnsZoneArmResourceId` Private dns zone arm resource ID. Used when the desired connectivity mode is "Private Access" and required when "delegatedSubnetResourceId" is used. The Private DNS Zone must be lined to the Virtual Network referenced in "delegatedSubnetResourceId". + - Required: No - Type: string - Default: `''` @@ -940,87 +984,96 @@ Private dns zone arm resource ID. Used when the desired connectivity mode is "Pr ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `skuName` - -The name of the sku, typically, tier + family + cores, e.g. Standard_D4s_v3. -- Required: Yes -- Type: string +### Parameter: `roleAssignments.principalType` -### Parameter: `sourceServerResourceId` +The principal type of the assigned principal ID. -Required if "createMode" is set to "PointInTimeRestore". - Required: No - Type: string -- Default: `''` +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `storageSizeGB` Max storage allowed for a server. + - Required: No - Type: int - Default: `32` @@ -1043,33 +1096,22 @@ Max storage allowed for a server. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `tenantId` Tenant id of the server. + - Required: No - Type: string - Default: `''` -### Parameter: `tier` - -The tier of the particular SKU. Tier must align with the "skuName" property. Example, tier cannot be "Burstable" if skuName is "Standard_D4s_v3". -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Burstable' - 'GeneralPurpose' - 'MemoryOptimized' - ] - ``` - ### Parameter: `version` PostgreSQL Server version. + - Required: No - Type: string - Default: `'15'` diff --git a/modules/db-for-postgre-sql/flexible-server/administrator/README.md b/modules/db-for-postgre-sql/flexible-server/administrator/README.md index 3c95a48a9c..c0f2f4352f 100644 --- a/modules/db-for-postgre-sql/flexible-server/administrator/README.md +++ b/modules/db-for-postgre-sql/flexible-server/administrator/README.md @@ -39,41 +39,24 @@ This module deploys a DBforPostgreSQL Flexible Server Administrator. | [`location`](#parameter-location) | string | Location for all resources. | | [`tenantId`](#parameter-tenantid) | string | The tenantId of the Active Directory administrator. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `flexibleServerName` - -The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `location` - -Location for all resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - ### Parameter: `objectId` The objectId of the Active Directory administrator. + - Required: Yes - Type: string ### Parameter: `principalName` Active Directory administrator principal name. + - Required: Yes - Type: string ### Parameter: `principalType` The principal type used to represent the type of Active Directory Administrator. + - Required: Yes - Type: string - Allowed: @@ -86,9 +69,33 @@ The principal type used to represent the type of Active Directory Administrator. ] ``` +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + ### Parameter: `tenantId` The tenantId of the Active Directory administrator. + - Required: No - Type: string - Default: `[tenant().tenantId]` diff --git a/modules/db-for-postgre-sql/flexible-server/configuration/README.md b/modules/db-for-postgre-sql/flexible-server/configuration/README.md index d156b0635a..fc940f2120 100644 --- a/modules/db-for-postgre-sql/flexible-server/configuration/README.md +++ b/modules/db-for-postgre-sql/flexible-server/configuration/README.md @@ -38,35 +38,40 @@ This module deploys a DBforPostgreSQL Flexible Server Configuration. | [`source`](#parameter-source) | string | Source of the configuration. | | [`value`](#parameter-value) | string | Value of the configuration. | -### Parameter: `enableDefaultTelemetry` +### Parameter: `name` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +The name of the configuration. + +- Required: Yes +- Type: string ### Parameter: `flexibleServerName` The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the configuration. -- Required: Yes -- Type: string - ### Parameter: `source` Source of the configuration. + - Required: No - Type: string - Default: `''` @@ -74,6 +79,7 @@ Source of the configuration. ### Parameter: `value` Value of the configuration. + - Required: No - Type: string - Default: `''` diff --git a/modules/db-for-postgre-sql/flexible-server/database/README.md b/modules/db-for-postgre-sql/flexible-server/database/README.md index 57ba0b45a5..7e2b9c3c0d 100644 --- a/modules/db-for-postgre-sql/flexible-server/database/README.md +++ b/modules/db-for-postgre-sql/flexible-server/database/README.md @@ -38,9 +38,24 @@ This module deploys a DBforPostgreSQL Flexible Server Database. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | +### Parameter: `name` + +The name of the database. + +- Required: Yes +- Type: string + +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `charset` The charset of the database. + - Required: No - Type: string - Default: `''` @@ -48,6 +63,7 @@ The charset of the database. ### Parameter: `collation` The collation of the database. + - Required: No - Type: string - Default: `''` @@ -55,29 +71,19 @@ The collation of the database. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `flexibleServerName` - -The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the database. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md index de0f21fadf..db3b0df266 100644 --- a/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md +++ b/modules/db-for-postgre-sql/flexible-server/firewall-rule/README.md @@ -37,37 +37,42 @@ This module deploys a DBforPostgreSQL Flexible Server Firewall Rule. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `endIpAddress` The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. -- Required: Yes -- Type: string - -### Parameter: `flexibleServerName` -The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. - Required: Yes - Type: string ### Parameter: `name` The name of the PostgreSQL flexible server Firewall Rule. + - Required: Yes - Type: string ### Parameter: `startIpAddress` The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. + - Required: Yes - Type: string +### Parameter: `flexibleServerName` + +The name of the parent PostgreSQL flexible server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/desktop-virtualization/application-group/README.md b/modules/desktop-virtualization/application-group/README.md index 0c3b211b08..2a1f26658b 100644 --- a/modules/desktop-virtualization/application-group/README.md +++ b/modules/desktop-virtualization/application-group/README.md @@ -448,6 +448,7 @@ module applicationGroup 'br:bicep/modules/desktop-virtualization.application-gro ### Parameter: `applicationGroupType` The type of the Application Group to be created. Allowed values: RemoteApp or Desktop. + - Required: Yes - Type: string - Allowed: @@ -458,9 +459,24 @@ The type of the Application Group to be created. Allowed values: RemoteApp or De ] ``` +### Parameter: `hostpoolName` + +Name of the Host Pool to be linked to this Application Group. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Application Group to create this application in. + +- Required: Yes +- Type: string + ### Parameter: `applications` List of applications to be created in the Application Group. + - Required: No - Type: array - Default: `[]` @@ -468,6 +484,7 @@ List of applications to be created in the Application Group. ### Parameter: `description` The description of the Application Group to be created. + - Required: No - Type: string - Default: `''` @@ -475,94 +492,82 @@ The description of the Application Group to be created. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -570,6 +575,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -577,19 +583,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `friendlyName` The friendly name of the Application Group to be created. + - Required: No - Type: string - Default: `''` -### Parameter: `hostpoolName` - -Name of the Host Pool to be linked to this Application Group. -- Required: Yes -- Type: string - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -597,107 +599,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Application Group to create this application in. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/desktop-virtualization/application-group/application/README.md b/modules/desktop-virtualization/application-group/application/README.md index 61b2562dac..816f676251 100644 --- a/modules/desktop-virtualization/application-group/application/README.md +++ b/modules/desktop-virtualization/application-group/application/README.md @@ -43,15 +43,38 @@ This module deploys an Azure Virtual Desktop (AVD) Application Group Application | [`iconPath`](#parameter-iconpath) | string | Path to icon. | | [`showInPortal`](#parameter-showinportal) | bool | Specifies whether to show the RemoteApp program in the RD Web Access server. | +### Parameter: `filePath` + +Specifies a path for the executable file for the application. + +- Required: Yes +- Type: string + +### Parameter: `friendlyName` + +Friendly name of Application.. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Application to be created in the Application Group. + +- Required: Yes +- Type: string + ### Parameter: `appGroupName` The name of the parent Application Group to create the application(s) in. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `commandLineArguments` Command-Line Arguments for Application. + - Required: No - Type: string - Default: `''` @@ -59,6 +82,7 @@ Command-Line Arguments for Application. ### Parameter: `commandLineSetting` Specifies whether this published application can be launched with command-line arguments provided by the client, command-line arguments specified at publish time, or no command-line arguments at all. + - Required: No - Type: string - Default: `'DoNotAllow'` @@ -74,6 +98,7 @@ Specifies whether this published application can be launched with command-line a ### Parameter: `description` Description of Application.. + - Required: No - Type: string - Default: `''` @@ -81,25 +106,15 @@ Description of Application.. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `filePath` - -Specifies a path for the executable file for the application. -- Required: Yes -- Type: string - -### Parameter: `friendlyName` - -Friendly name of Application.. -- Required: Yes -- Type: string - ### Parameter: `iconIndex` Index of the icon. + - Required: No - Type: int - Default: `0` @@ -107,19 +122,15 @@ Index of the icon. ### Parameter: `iconPath` Path to icon. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -Name of the Application to be created in the Application Group. -- Required: Yes -- Type: string - ### Parameter: `showInPortal` Specifies whether to show the RemoteApp program in the RD Web Access server. + - Required: No - Type: bool - Default: `False` diff --git a/modules/desktop-virtualization/host-pool/README.md b/modules/desktop-virtualization/host-pool/README.md index 5e3c70c4fb..38c5d530d4 100644 --- a/modules/desktop-virtualization/host-pool/README.md +++ b/modules/desktop-virtualization/host-pool/README.md @@ -545,9 +545,17 @@ module hostPool 'br:bicep/modules/desktop-virtualization.host-pool:1.0.0' = { | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a registration token. | +### Parameter: `name` + +Name of the Host Pool. + +- Required: Yes +- Type: string + ### Parameter: `agentUpdate` The session host configuration for updating agent, monitoring agent, and stack component. + - Required: No - Type: object - Default: @@ -563,6 +571,7 @@ The session host configuration for updating agent, monitoring agent, and stack c ### Parameter: `agentUpdateMaintenanceWindowDayOfWeek` Update day for scheduled agent updates. + - Required: No - Type: string - Default: `'Sunday'` @@ -582,6 +591,7 @@ Update day for scheduled agent updates. ### Parameter: `agentUpdateMaintenanceWindowHour` Update hour for scheduled agent updates. + - Required: No - Type: int - Default: `22` @@ -589,6 +599,7 @@ Update hour for scheduled agent updates. ### Parameter: `agentUpdateMaintenanceWindows` List of maintenance windows for scheduled agent updates. + - Required: No - Type: array - Default: @@ -604,6 +615,7 @@ List of maintenance windows for scheduled agent updates. ### Parameter: `agentUpdateMaintenanceWindowTimeZone` Time zone for scheduled agent updates. + - Required: No - Type: string - Default: `'Central Standard Time'` @@ -611,6 +623,7 @@ Time zone for scheduled agent updates. ### Parameter: `agentUpdateType` Enable scheduled agent updates, Default means agent updates will automatically be installed by AVD when they become available. + - Required: No - Type: string - Default: `'Default'` @@ -625,20 +638,15 @@ Enable scheduled agent updates, Default means agent updates will automatically b ### Parameter: `agentUpdateUseSessionHostLocalTime` Whether to use localTime of the virtual machine for scheduled agent updates. + - Required: No - Type: bool - Default: `False` -### Parameter: `baseTime` - -Do not provide a value! This date value is used to generate a registration token. -- Required: No -- Type: string -- Default: `[utcNow('u')]` - ### Parameter: `customRdpProperty` Host Pool RDP properties. + - Required: No - Type: string - Default: `'audiocapturemode:i:1;audiomode:i:0;drivestoredirect:s:;redirectclipboard:i:1;redirectcomports:i:1;redirectprinters:i:1;redirectsmartcards:i:1;screen mode id:i:2;'` @@ -646,6 +654,7 @@ Host Pool RDP properties. ### Parameter: `description` The description of the Host Pool to be created. + - Required: No - Type: string - Default: `''` @@ -653,94 +662,82 @@ The description of the Host Pool to be created. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -748,6 +745,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -755,6 +753,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `friendlyName` The friendly name of the Host Pool to be created. + - Required: No - Type: string - Default: `''` @@ -762,6 +761,7 @@ The friendly name of the Host Pool to be created. ### Parameter: `loadBalancerType` Type of load balancer algorithm. + - Required: No - Type: string - Default: `'BreadthFirst'` @@ -777,6 +777,7 @@ Type of load balancer algorithm. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -784,26 +785,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -811,19 +821,15 @@ Optional. Specify the name of lock. ### Parameter: `maxSessionLimit` Maximum number of sessions. + - Required: No - Type: int - Default: `99999` -### Parameter: `name` - -Name of the Host Pool. -- Required: Yes -- Type: string - ### Parameter: `personalDesktopAssignmentType` Set the type of assignment for a Personal Host Pool type. + - Required: No - Type: string - Default: `''` @@ -839,6 +845,7 @@ Set the type of assignment for a Personal Host Pool type. ### Parameter: `preferredAppGroupType` The type of preferred application group type, default to Desktop Application Group. + - Required: No - Type: string - Default: `'Desktop'` @@ -854,6 +861,7 @@ The type of preferred application group type, default to Desktop Application Gro ### Parameter: `ring` The ring number of HostPool. + - Required: No - Type: int - Default: `-1` @@ -861,74 +869,96 @@ The ring number of HostPool. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.condition` +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ssoadfsAuthority` URL to customer ADFS server for signing WVD SSO certificates. + - Required: No - Type: string - Default: `''` @@ -936,6 +966,7 @@ URL to customer ADFS server for signing WVD SSO certificates. ### Parameter: `ssoClientId` ClientId for the registered Relying Party used to issue WVD SSO certificates. + - Required: No - Type: string - Default: `''` @@ -943,6 +974,7 @@ ClientId for the registered Relying Party used to issue WVD SSO certificates. ### Parameter: `ssoClientSecretKeyVaultPath` Path to Azure KeyVault storing the secret used for communication to ADFS. + - Required: No - Type: string - Default: `''` @@ -950,6 +982,7 @@ Path to Azure KeyVault storing the secret used for communication to ADFS. ### Parameter: `ssoSecretType` The type of single sign on Secret Type. + - Required: No - Type: string - Default: `''` @@ -967,6 +1000,7 @@ The type of single sign on Secret Type. ### Parameter: `startVMOnConnect` Enable Start VM on connect to allow users to start the virtual machine from a deallocated state. Important: Custom RBAC role required to power manage VMs. + - Required: No - Type: bool - Default: `False` @@ -974,12 +1008,14 @@ Enable Start VM on connect to allow users to start the virtual machine from a de ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `tokenValidityLength` Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - valid for 5 days; 'P1Y' - valid for 1 year. When not provided, the token will be valid for 8 hours. + - Required: No - Type: string - Default: `'PT8H'` @@ -987,6 +1023,7 @@ Host Pool token validity length. Usage: 'PT8H' - valid for 8 hours; 'P5D' - vali ### Parameter: `type` Set this parameter to Personal if you would like to enable Persistent Desktop experience. Defaults to Pooled. + - Required: No - Type: string - Default: `'Pooled'` @@ -1001,6 +1038,7 @@ Set this parameter to Personal if you would like to enable Persistent Desktop ex ### Parameter: `validationEnvironment` Validation host pools allows you to test service changes before they are deployed to production. When set to true, the Host Pool will be deployed in a validation 'ring' (environment) that receives all the new features (might be less stable). Defaults to false that stands for the stable, production-ready environment. + - Required: No - Type: bool - Default: `False` @@ -1008,10 +1046,19 @@ Validation host pools allows you to test service changes before they are deploye ### Parameter: `vmTemplate` The necessary information for adding more VMs to this Host Pool. The object is converted to an in-line string when handed over to the resource deployment, since that only takes strings. + - Required: No - Type: object - Default: `{}` +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a registration token. + +- Required: No +- Type: string +- Default: `[utcNow('u')]` + ## Outputs diff --git a/modules/desktop-virtualization/scaling-plan/README.md b/modules/desktop-virtualization/scaling-plan/README.md index 6511a66cc7..a9ffd616df 100644 --- a/modules/desktop-virtualization/scaling-plan/README.md +++ b/modules/desktop-virtualization/scaling-plan/README.md @@ -488,9 +488,17 @@ module scalingPlan 'br:bicep/modules/desktop-virtualization.scaling-plan:1.0.0' | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`timeZone`](#parameter-timezone) | string | Timezone to be used for the scaling plan. | +### Parameter: `name` + +Name of the scaling plan. + +- Required: Yes +- Type: string + ### Parameter: `description` Description of the scaling plan. + - Required: No - Type: string - Default: `[parameters('name')]` @@ -498,94 +506,82 @@ Description of the scaling plan. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -593,6 +589,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -600,6 +597,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exclusionTag` Provide a tag to be used for hosts that should not be affected by the scaling plan. + - Required: No - Type: string - Default: `''` @@ -607,6 +605,7 @@ Provide a tag to be used for hosts that should not be affected by the scaling pl ### Parameter: `friendlyName` Friendly Name of the scaling plan. + - Required: No - Type: string - Default: `[parameters('name')]` @@ -614,6 +613,7 @@ Friendly Name of the scaling plan. ### Parameter: `hostPoolReferences` An array of references to hostpools. + - Required: No - Type: array - Default: `[]` @@ -621,6 +621,7 @@ An array of references to hostpools. ### Parameter: `hostPoolType` The type of hostpool where this scaling plan should be applied. + - Required: No - Type: string - Default: `'Pooled'` @@ -634,87 +635,104 @@ The type of hostpool where this scaling plan should be applied. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the scaling plan. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `schedules` The schedules related to this scaling plan. If no value is provided a default schedule will be provided. + - Required: No - Type: array - Default: @@ -764,12 +782,14 @@ The schedules related to this scaling plan. If no value is provided a default sc ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `timeZone` Timezone to be used for the scaling plan. + - Required: No - Type: string - Default: `'W. Europe Standard Time'` diff --git a/modules/desktop-virtualization/workspace/README.md b/modules/desktop-virtualization/workspace/README.md index f363e71c1c..6e0fe0f8c8 100644 --- a/modules/desktop-virtualization/workspace/README.md +++ b/modules/desktop-virtualization/workspace/README.md @@ -358,9 +358,17 @@ module workspace 'br:bicep/modules/desktop-virtualization.workspace:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the workspace to be attach to new Application Group. + +- Required: Yes +- Type: string + ### Parameter: `appGroupResourceIds` Resource IDs for the existing Application groups this workspace will group together. + - Required: No - Type: array - Default: `[]` @@ -368,6 +376,7 @@ Resource IDs for the existing Application groups this workspace will group toget ### Parameter: `description` The description of the Workspace to be created. + - Required: No - Type: string - Default: `''` @@ -375,94 +384,82 @@ The description of the Workspace to be created. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -470,6 +467,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -477,6 +475,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `friendlyName` The friendly name of the Workspace to be created. + - Required: No - Type: string - Default: `''` @@ -484,6 +483,7 @@ The friendly name of the Workspace to be created. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -491,107 +491,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the workspace to be attach to new Application Group. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/dev-test-lab/lab/README.md b/modules/dev-test-lab/lab/README.md index b062197091..2735d1bdfc 100644 --- a/modules/dev-test-lab/lab/README.md +++ b/modules/dev-test-lab/lab/README.md @@ -1219,9 +1219,33 @@ module lab 'br:bicep/modules/dev-test-lab.lab:1.0.0' = { | [`virtualnetworks`](#parameter-virtualnetworks) | array | Virtual networks to create for the lab. | | [`vmCreationResourceGroupId`](#parameter-vmcreationresourcegroupid) | string | Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. | +### Parameter: `name` + +The name of the lab. + +- Required: Yes +- Type: string + +### Parameter: `encryptionDiskEncryptionSetId` + +The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `notificationchannels` + +Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `announcement` The properties of any lab announcement associated with this lab. + - Required: No - Type: object - Default: `{}` @@ -1229,6 +1253,7 @@ The properties of any lab announcement associated with this lab. ### Parameter: `artifactsources` Artifact sources to create for the lab. + - Required: No - Type: array - Default: `[]` @@ -1236,6 +1261,7 @@ Artifact sources to create for the lab. ### Parameter: `artifactsStorageAccount` The resource ID of the storage account used to store artifacts and images by the lab. Also used for defaultStorageAccount, defaultPremiumStorageAccount and premiumDataDiskStorageAccount properties. If left empty, a default storage account will be created by the lab and used. + - Required: No - Type: string - Default: `''` @@ -1243,6 +1269,7 @@ The resource ID of the storage account used to store artifacts and images by the ### Parameter: `browserConnect` Enable browser connect on virtual machines if the lab's VNETs have configured Azure Bastion. + - Required: No - Type: string - Default: `'Disabled'` @@ -1257,6 +1284,7 @@ Enable browser connect on virtual machines if the lab's VNETs have configured Az ### Parameter: `costs` Costs to create for the lab. + - Required: No - Type: object - Default: `{}` @@ -1264,6 +1292,7 @@ Costs to create for the lab. ### Parameter: `disableAutoUpgradeCseMinorVersion` Disable auto upgrade custom script extension minor version. + - Required: No - Type: bool - Default: `False` @@ -1271,20 +1300,15 @@ Disable auto upgrade custom script extension minor version. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `encryptionDiskEncryptionSetId` - -The Disk Encryption Set Resource ID used to encrypt OS and data disks created as part of the the lab. Required if encryptionType is set to "EncryptionAtRestWithCustomerKey". -- Required: No -- Type: string -- Default: `''` - ### Parameter: `encryptionType` Specify how OS and data disks created as part of the lab are encrypted. + - Required: No - Type: string - Default: `'EncryptionAtRestWithPlatformKey'` @@ -1299,6 +1323,7 @@ Specify how OS and data disks created as part of the lab are encrypted. ### Parameter: `environmentPermission` The access rights to be granted to the user when provisioning an environment. + - Required: No - Type: string - Default: `'Reader'` @@ -1313,6 +1338,7 @@ The access rights to be granted to the user when provisioning an environment. ### Parameter: `extendedProperties` Extended properties of the lab used for experimental features. + - Required: No - Type: object - Default: `{}` @@ -1320,6 +1346,7 @@ Extended properties of the lab used for experimental features. ### Parameter: `isolateLabResources` Enable lab resources isolation from the public internet. + - Required: No - Type: string - Default: `'Enabled'` @@ -1334,6 +1361,7 @@ Enable lab resources isolation from the public internet. ### Parameter: `labStorageType` Type of storage used by the lab. It can be either Premium or Standard. + - Required: No - Type: string - Default: `'Premium'` @@ -1349,6 +1377,7 @@ Type of storage used by the lab. It can be either Premium or Standard. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1356,26 +1385,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1383,17 +1421,19 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array @@ -1401,6 +1441,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managementIdentitiesResourceIds` The resource ID(s) to assign to the virtual machines associated with this lab. + - Required: No - Type: array - Default: `[]` @@ -1408,6 +1449,7 @@ The resource ID(s) to assign to the virtual machines associated with this lab. ### Parameter: `mandatoryArtifactsResourceIdsLinux` The ordered list of artifact resource IDs that should be applied on all Linux VM creations by default, prior to the artifacts specified by the user. + - Required: No - Type: array - Default: `[]` @@ -1415,19 +1457,7 @@ The ordered list of artifact resource IDs that should be applied on all Linux VM ### Parameter: `mandatoryArtifactsResourceIdsWindows` The ordered list of artifact resource IDs that should be applied on all Windows VM creations by default, prior to the artifacts specified by the user. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `name` - -The name of the lab. -- Required: Yes -- Type: string -### Parameter: `notificationchannels` - -Notification Channels to create for the lab. Required if the schedules property "notificationSettingsStatus" is set to "Enabled. - Required: No - Type: array - Default: `[]` @@ -1435,6 +1465,7 @@ Notification Channels to create for the lab. Required if the schedules property ### Parameter: `policies` Policies to create for the lab. + - Required: No - Type: array - Default: `[]` @@ -1442,6 +1473,7 @@ Policies to create for the lab. ### Parameter: `premiumDataDisks` The setting to enable usage of premium data disks. When its value is "Enabled", creation of standard or premium data disks is allowed. When its value is "Disabled", only creation of standard data disks is allowed. Default is "Disabled". + - Required: No - Type: string - Default: `'Disabled'` @@ -1456,74 +1488,96 @@ The setting to enable usage of premium data disks. When its value is "Enabled", ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `schedules` Schedules to create for the lab. + - Required: No - Type: array - Default: `[]` @@ -1531,6 +1585,7 @@ Schedules to create for the lab. ### Parameter: `support` The properties of any lab support message associated with this lab. + - Required: No - Type: object - Default: `{}` @@ -1538,12 +1593,14 @@ The properties of any lab support message associated with this lab. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `virtualnetworks` Virtual networks to create for the lab. + - Required: No - Type: array - Default: `[]` @@ -1551,6 +1608,7 @@ Virtual networks to create for the lab. ### Parameter: `vmCreationResourceGroupId` Resource Group allocation for virtual machines. If left empty, virtual machines will be deployed in their own Resource Groups. Default is the same Resource Group for DevTest Lab. + - Required: No - Type: string - Default: `[resourceGroup().id]` diff --git a/modules/dev-test-lab/lab/artifactsource/README.md b/modules/dev-test-lab/lab/artifactsource/README.md index 596527ee0d..0a5d74362c 100644 --- a/modules/dev-test-lab/lab/artifactsource/README.md +++ b/modules/dev-test-lab/lab/artifactsource/README.md @@ -46,16 +46,47 @@ An artifact source allows you to create custom artifacts for the VMs in the lab, | [`status`](#parameter-status) | string | Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the artifact source. + +- Required: Yes +- Type: string + +### Parameter: `uri` + +The artifact source's URI. + +- Required: Yes +- Type: string + ### Parameter: `armTemplateFolderPath` The folder containing Azure Resource Manager templates. Required if "folderPath" is empty. + - Required: No - Type: string - Default: `''` +### Parameter: `folderPath` + +The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `branchRef` The artifact source's branch reference (e.g. main or master). + - Required: No - Type: string - Default: `''` @@ -63,6 +94,7 @@ The artifact source's branch reference (e.g. main or master). ### Parameter: `displayName` The artifact source's display name. Default is the name of the artifact source. + - Required: No - Type: string - Default: `[parameters('name')]` @@ -70,32 +102,15 @@ The artifact source's display name. Default is the name of the artifact source. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `folderPath` - -The folder containing artifacts. At least one folder path is required. Required if "armTemplateFolderPath" is empty. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `labName` - -The name of the parent lab. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the artifact source. -- Required: Yes -- Type: string - ### Parameter: `securityToken` The security token to authenticate to the artifact source. + - Required: No - Type: securestring - Default: `''` @@ -103,6 +118,7 @@ The security token to authenticate to the artifact source. ### Parameter: `sourceType` The artifact source's type. + - Required: No - Type: string - Default: `''` @@ -119,6 +135,7 @@ The artifact source's type. ### Parameter: `status` Indicates if the artifact source is enabled (values: Enabled, Disabled). Default is "Enabled". + - Required: No - Type: string - Default: `'Enabled'` @@ -133,15 +150,10 @@ Indicates if the artifact source is enabled (values: Enabled, Disabled). Default ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `uri` - -The artifact source's URI. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/dev-test-lab/lab/cost/README.md b/modules/dev-test-lab/lab/cost/README.md index 7d50b0542b..d2950dda2b 100644 --- a/modules/dev-test-lab/lab/cost/README.md +++ b/modules/dev-test-lab/lab/cost/README.md @@ -53,16 +53,24 @@ Manage lab costs by setting a spending target that can be viewed in the Monthly | [`thresholdValue75DisplayOnChart`](#parameter-thresholdvalue75displayonchart) | string | Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. | | [`thresholdValue75SendNotificationWhenExceeded`](#parameter-thresholdvalue75sendnotificationwhenexceeded) | string | Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. | -### Parameter: `currencyCode` +### Parameter: `cycleType` -The currency code of the cost. -- Required: No +Reporting cycle type. + +- Required: Yes - Type: string -- Default: `'USD'` +- Allowed: + ```Bicep + [ + 'CalendarMonth' + 'Custom' + ] + ``` ### Parameter: `cycleEndDateTime` Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". + - Required: No - Type: string - Default: `''` @@ -70,39 +78,38 @@ Reporting cycle end date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z) ### Parameter: `cycleStartDateTime` Reporting cycle start date in the zulu time format (e.g. 2023-12-01T00:00:00.000Z). Required if cycleType is set to "Custom". + - Required: No - Type: string - Default: `''` -### Parameter: `cycleType` +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. -Reporting cycle type. - Required: Yes - Type: string -- Allowed: - ```Bicep - [ - 'CalendarMonth' - 'Custom' - ] - ``` + +### Parameter: `currencyCode` + +The currency code of the cost. + +- Required: No +- Type: string +- Default: `'USD'` ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `labName` - -The name of the parent lab. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `status` Target cost status. + - Required: No - Type: string - Default: `'Enabled'` @@ -117,12 +124,14 @@ Target cost status. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `target` Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" chart to allow tracking lab spending relative to the target cost for the current reporting cycleSetting the target cost to 0 will disable all thresholds. + - Required: No - Type: int - Default: `0` @@ -130,6 +139,7 @@ Lab target cost (e.g. 100). The target cost will appear in the "Cost trend" char ### Parameter: `thresholdValue100DisplayOnChart` Target Cost threshold at 100% display on chart. Indicates whether this threshold will be displayed on cost charts. + - Required: No - Type: string - Default: `'Disabled'` @@ -144,6 +154,7 @@ Target Cost threshold at 100% display on chart. Indicates whether this threshold ### Parameter: `thresholdValue100SendNotificationWhenExceeded` Target cost threshold at 100% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. + - Required: No - Type: string - Default: `'Disabled'` @@ -158,6 +169,7 @@ Target cost threshold at 100% send notification when exceeded. Indicates whether ### Parameter: `thresholdValue125DisplayOnChart` Target Cost threshold at 125% display on chart. Indicates whether this threshold will be displayed on cost charts. + - Required: No - Type: string - Default: `'Disabled'` @@ -172,6 +184,7 @@ Target Cost threshold at 125% display on chart. Indicates whether this threshold ### Parameter: `thresholdValue125SendNotificationWhenExceeded` Target cost threshold at 125% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. + - Required: No - Type: string - Default: `'Disabled'` @@ -186,6 +199,7 @@ Target cost threshold at 125% send notification when exceeded. Indicates whether ### Parameter: `thresholdValue25DisplayOnChart` Target Cost threshold at 25% display on chart. Indicates whether this threshold will be displayed on cost charts. + - Required: No - Type: string - Default: `'Disabled'` @@ -200,6 +214,7 @@ Target Cost threshold at 25% display on chart. Indicates whether this threshold ### Parameter: `thresholdValue25SendNotificationWhenExceeded` Target cost threshold at 25% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. + - Required: No - Type: string - Default: `'Disabled'` @@ -214,6 +229,7 @@ Target cost threshold at 25% send notification when exceeded. Indicates whether ### Parameter: `thresholdValue50DisplayOnChart` Target Cost threshold at 50% display on chart. Indicates whether this threshold will be displayed on cost charts. + - Required: No - Type: string - Default: `'Disabled'` @@ -228,6 +244,7 @@ Target Cost threshold at 50% display on chart. Indicates whether this threshold ### Parameter: `thresholdValue50SendNotificationWhenExceeded` Target cost threshold at 50% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. + - Required: No - Type: string - Default: `'Disabled'` @@ -242,6 +259,7 @@ Target cost threshold at 50% send notification when exceeded. Indicates whether ### Parameter: `thresholdValue75DisplayOnChart` Target Cost threshold at 75% display on chart. Indicates whether this threshold will be displayed on cost charts. + - Required: No - Type: string - Default: `'Disabled'` @@ -256,6 +274,7 @@ Target Cost threshold at 75% display on chart. Indicates whether this threshold ### Parameter: `thresholdValue75SendNotificationWhenExceeded` Target cost threshold at 75% send notification when exceeded. Indicates whether notifications will be sent when this threshold is exceeded. + - Required: No - Type: string - Default: `'Disabled'` diff --git a/modules/dev-test-lab/lab/notificationchannel/README.md b/modules/dev-test-lab/lab/notificationchannel/README.md index 026f51995a..fa378b420e 100644 --- a/modules/dev-test-lab/lab/notificationchannel/README.md +++ b/modules/dev-test-lab/lab/notificationchannel/README.md @@ -43,56 +43,71 @@ Notification channels are used by the schedule resource type in order to send no | [`notificationLocale`](#parameter-notificationlocale) | string | The locale to use when sending a notification (fallback for unsupported languages is EN). | | [`tags`](#parameter-tags) | object | Tags of the resource. | -### Parameter: `description` +### Parameter: `events` + +The list of event for which this notification is enabled. -Description of notification. - Required: No +- Type: array +- Default: `[]` + +### Parameter: `name` + +The name of the notification channel. + +- Required: Yes - Type: string -- Default: `''` +- Allowed: + ```Bicep + [ + 'autoShutdown' + 'costThreshold' + ] + ``` ### Parameter: `emailRecipient` The email recipient to send notifications to (can be a list of semi-colon separated email addresses). Required if "webHookUrl" is empty. + - Required: No - Type: string - Default: `''` -### Parameter: `enableDefaultTelemetry` +### Parameter: `labName` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +The name of the parent lab. Required if the template is used in a standalone deployment. -### Parameter: `events` +- Required: Yes +- Type: string -The list of event for which this notification is enabled. -- Required: No -- Type: array -- Default: `[]` +### Parameter: `webHookUrl` -### Parameter: `labName` +The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. -The name of the parent lab. Required if the template is used in a standalone deployment. -- Required: Yes +- Required: No - Type: string +- Default: `''` -### Parameter: `name` +### Parameter: `description` -The name of the notification channel. -- Required: Yes +Description of notification. + +- Required: No - Type: string -- Allowed: - ```Bicep - [ - 'autoShutdown' - 'costThreshold' - ] - ``` +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ### Parameter: `notificationLocale` The locale to use when sending a notification (fallback for unsupported languages is EN). + - Required: No - Type: string - Default: `'en'` @@ -100,15 +115,9 @@ The locale to use when sending a notification (fallback for unsupported language ### Parameter: `tags` Tags of the resource. -- Required: No -- Type: object - -### Parameter: `webHookUrl` -The webhook URL to which the notification will be sent. Required if "emailRecipient" is empty. - Required: No -- Type: string -- Default: `''` +- Type: object ## Outputs diff --git a/modules/dev-test-lab/lab/policyset/policy/README.md b/modules/dev-test-lab/lab/policyset/policy/README.md index 21a43a924c..0cc9ece256 100644 --- a/modules/dev-test-lab/lab/policyset/policy/README.md +++ b/modules/dev-test-lab/lab/policyset/policy/README.md @@ -45,23 +45,10 @@ DevTest lab policies are used to modify the lab settings such as only allowing c | [`status`](#parameter-status) | string | The status of the policy. | | [`tags`](#parameter-tags) | object | Tags of the resource. | -### Parameter: `description` - -The description of the policy. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `evaluatorType` The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). + - Required: Yes - Type: string - Allowed: @@ -72,16 +59,10 @@ The evaluator type of the policy (i.e. AllowedValuesPolicy, MaxValuePolicy). ] ``` -### Parameter: `factData` - -The fact data of the policy. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `factName` The fact name of the policy. + - Required: Yes - Type: string - Allowed: @@ -100,21 +81,55 @@ The fact name of the policy. ] ``` +### Parameter: `name` + +The name of the policy. + +- Required: Yes +- Type: string + +### Parameter: `threshold` + +The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). + +- Required: Yes +- Type: string + ### Parameter: `labName` The name of the parent lab. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `name` +### Parameter: `description` -The name of the policy. -- Required: Yes +The description of the policy. + +- Required: No - Type: string +- Default: `''` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `factData` + +The fact data of the policy. + +- Required: No +- Type: string +- Default: `''` ### Parameter: `policySetName` The name of the parent policy set. + - Required: No - Type: string - Default: `'default'` @@ -122,6 +137,7 @@ The name of the parent policy set. ### Parameter: `status` The status of the policy. + - Required: No - Type: string - Default: `'Enabled'` @@ -136,16 +152,11 @@ The status of the policy. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object - Default: `{}` -### Parameter: `threshold` - -The threshold of the policy (i.e. a number for MaxValuePolicy, and a JSON array of values for AllowedValuesPolicy). -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/dev-test-lab/lab/schedule/README.md b/modules/dev-test-lab/lab/schedule/README.md index 35c6ea868e..ba6b6479ba 100644 --- a/modules/dev-test-lab/lab/schedule/README.md +++ b/modules/dev-test-lab/lab/schedule/README.md @@ -47,9 +47,45 @@ Lab schedules are used to modify the settings for auto-shutdown, auto-start for | [`timeZoneId`](#parameter-timezoneid) | string | The time zone ID (e.g. Pacific Standard time). | | [`weeklyRecurrence`](#parameter-weeklyrecurrence) | object | If the schedule will occur only some days of the week, specify the weekly recurrence. | +### Parameter: `name` + +The name of the schedule. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'LabVmAutoStart' + 'LabVmsShutdown' + ] + ``` + +### Parameter: `taskType` + +The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'LabVmsShutdownTask' + 'LabVmsStartupTask' + ] + ``` + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `dailyRecurrence` If the schedule will occur once each day of the week, specify the daily recurrence. + - Required: No - Type: object - Default: `{}` @@ -57,6 +93,7 @@ If the schedule will occur once each day of the week, specify the daily recurren ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -64,32 +101,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `hourlyRecurrence` If the schedule will occur multiple times a day, specify the hourly recurrence. + - Required: No - Type: object - Default: `{}` -### Parameter: `labName` - -The name of the parent lab. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the schedule. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'LabVmAutoStart' - 'LabVmsShutdown' - ] - ``` - ### Parameter: `notificationSettingsStatus` If notifications are enabled for this schedule (i.e. Enabled, Disabled). + - Required: No - Type: string - Default: `'Disabled'` @@ -104,6 +124,7 @@ If notifications are enabled for this schedule (i.e. Enabled, Disabled). ### Parameter: `notificationSettingsTimeInMinutes` Time in minutes before event at which notification will be sent. Optional if "notificationSettingsStatus" is set to "Enabled". Default is 30 minutes. + - Required: No - Type: int - Default: `30` @@ -111,6 +132,7 @@ Time in minutes before event at which notification will be sent. Optional if "no ### Parameter: `status` The status of the schedule (i.e. Enabled, Disabled). + - Required: No - Type: string - Default: `'Enabled'` @@ -125,32 +147,22 @@ The status of the schedule (i.e. Enabled, Disabled). ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `targetResourceId` The resource ID to which the schedule belongs. + - Required: No - Type: string - Default: `''` -### Parameter: `taskType` - -The task type of the schedule (e.g. LabVmsShutdownTask, LabVmsStartupTask). -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'LabVmsShutdownTask' - 'LabVmsStartupTask' - ] - ``` - ### Parameter: `timeZoneId` The time zone ID (e.g. Pacific Standard time). + - Required: No - Type: string - Default: `'Pacific Standard time'` @@ -158,6 +170,7 @@ The time zone ID (e.g. Pacific Standard time). ### Parameter: `weeklyRecurrence` If the schedule will occur only some days of the week, specify the weekly recurrence. + - Required: No - Type: object - Default: `{}` diff --git a/modules/dev-test-lab/lab/virtualnetwork/README.md b/modules/dev-test-lab/lab/virtualnetwork/README.md index 494fe14296..365a071731 100644 --- a/modules/dev-test-lab/lab/virtualnetwork/README.md +++ b/modules/dev-test-lab/lab/virtualnetwork/README.md @@ -42,9 +42,31 @@ Lab virtual machines must be deployed into a virtual network. This resource type | [`subnetOverrides`](#parameter-subnetoverrides) | array | The subnet overrides of the virtual network. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `externalProviderResourceId` + +The resource ID of the virtual network. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the virtual network. + +- Required: Yes +- Type: string + +### Parameter: `labName` + +The name of the parent lab. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `allowedSubnets` The allowed subnets of the virtual network. + - Required: No - Type: array - Default: `[]` @@ -52,6 +74,7 @@ The allowed subnets of the virtual network. ### Parameter: `description` The description of the virtual network. + - Required: No - Type: string - Default: `''` @@ -59,31 +82,15 @@ The description of the virtual network. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `externalProviderResourceId` - -The resource ID of the virtual network. -- Required: Yes -- Type: string - -### Parameter: `labName` - -The name of the parent lab. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the virtual network. -- Required: Yes -- Type: string - ### Parameter: `subnetOverrides` The subnet overrides of the virtual network. + - Required: No - Type: array - Default: `[]` @@ -91,6 +98,7 @@ The subnet overrides of the virtual network. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/digital-twins/digital-twins-instance/README.md b/modules/digital-twins/digital-twins-instance/README.md index b17f411ae0..6e6d82d64a 100644 --- a/modules/digital-twins/digital-twins-instance/README.md +++ b/modules/digital-twins/digital-twins-instance/README.md @@ -494,117 +494,100 @@ module digitalTwinsInstance 'br:bicep/modules/digital-twins.digital-twins-instan | [`serviceBusEndpoint`](#parameter-servicebusendpoint) | object | Service Bus Endpoint. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +The name of the Digital Twin Instance. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -612,6 +595,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -619,6 +603,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `eventGridEndpoint` Event Grid Endpoint. + - Required: No - Type: object - Default: `{}` @@ -626,6 +611,7 @@ Event Grid Endpoint. ### Parameter: `eventHubEndpoint` Event Hub Endpoint. + - Required: No - Type: object - Default: `{}` @@ -633,6 +619,7 @@ Event Hub Endpoint. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -640,26 +627,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -667,229 +663,275 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the Digital Twin Instance. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The name of the private endpoint. +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -897,6 +939,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -912,74 +955,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serviceBusEndpoint` Service Bus Endpoint. + - Required: No - Type: object - Default: `{}` @@ -987,6 +1052,7 @@ Service Bus Endpoint. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md index 0b66892ffa..7c0b4fd0a5 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--event-grid/README.md @@ -39,9 +39,31 @@ This module deploys a Digital Twins Instance Event Grid Endpoint. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +### Parameter: `eventGridDomainResourceId` + +The resource ID of the Event Grid to get access keys from. + +- Required: Yes +- Type: string + +### Parameter: `topicEndpoint` + +EventGrid Topic Endpoint. + +- Required: Yes +- Type: string + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `deadLetterSecret` Dead letter storage secret for key-based authentication. Will be obfuscated during read. + - Required: No - Type: securestring - Default: `''` @@ -49,42 +71,27 @@ Dead letter storage secret for key-based authentication. Will be obfuscated duri ### Parameter: `deadLetterUri` Dead letter storage URL for identity-based authentication. + - Required: No - Type: string - Default: `''` -### Parameter: `digitalTwinInstanceName` - -The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `eventGridDomainResourceId` - -The resource ID of the Event Grid to get access keys from. -- Required: Yes -- Type: string - ### Parameter: `name` The name of the Digital Twin Endpoint. + - Required: No - Type: string - Default: `'EventGridEndpoint'` -### Parameter: `topicEndpoint` - -EventGrid Topic Endpoint. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md b/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md index 1101a6dfdb..ee717d8aa1 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--event-hub/README.md @@ -38,9 +38,25 @@ This module deploys a Digital Twins Instance EventHub Endpoint. | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | | [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | +### Parameter: `connectionStringPrimaryKey` + +PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". + +- Required: No +- Type: securestring +- Default: `''` + +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `authenticationType` Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. + - Required: No - Type: string - Default: `'IdentityBased'` @@ -52,16 +68,10 @@ Specifies the authentication type being used for connecting to the endpoint. If ] ``` -### Parameter: `connectionStringPrimaryKey` - -PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". -- Required: No -- Type: securestring -- Default: `''` - ### Parameter: `connectionStringSecondaryKey` SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". + - Required: No - Type: securestring - Default: `''` @@ -69,6 +79,7 @@ SecondaryConnectionString of the endpoint for key-based authentication. Will be ### Parameter: `deadLetterSecret` Dead letter storage secret for key-based authentication. Will be obfuscated during read. + - Required: No - Type: securestring - Default: `''` @@ -76,19 +87,15 @@ Dead letter storage secret for key-based authentication. Will be obfuscated duri ### Parameter: `deadLetterUri` Dead letter storage URL for identity-based authentication. + - Required: No - Type: string - Default: `''` -### Parameter: `digitalTwinInstanceName` - -The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -96,6 +103,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `endpointUri` The URL of the EventHub namespace for identity-based authentication. It must include the protocol 'sb://' (i.e. sb://xyz.servicebus.windows.net). + - Required: No - Type: string - Default: `''` @@ -103,6 +111,7 @@ The URL of the EventHub namespace for identity-based authentication. It must inc ### Parameter: `entityPath` The EventHub name in the EventHub namespace for identity-based authentication. + - Required: No - Type: string - Default: `''` @@ -110,25 +119,27 @@ The EventHub name in the EventHub namespace for identity-based authentication. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceId`](#parameter-managedidentitiesuserassignedresourceid) | No | string | Optional. The resource ID to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceId`](#parameter-managedidentitiesuserassignedresourceid) | string | The resource ID to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceId` -Optional. The resource ID to assign to the resource. +The resource ID to assign to the resource. - Required: No - Type: string @@ -136,6 +147,7 @@ Optional. The resource ID to assign to the resource. ### Parameter: `name` The name of the Digital Twin Endpoint. + - Required: No - Type: string - Default: `'EventHubEndpoint'` diff --git a/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md b/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md index c9e29b7746..040d68825a 100644 --- a/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md +++ b/modules/digital-twins/digital-twins-instance/endpoint--service-bus/README.md @@ -38,9 +38,25 @@ This module deploys a Digital Twins Instance ServiceBus Endpoint. | [`name`](#parameter-name) | string | The name of the Digital Twin Endpoint. | | [`secondaryConnectionString`](#parameter-secondaryconnectionstring) | securestring | SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". | +### Parameter: `digitalTwinInstanceName` + +The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `primaryConnectionString` + +PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". + +- Required: No +- Type: securestring +- Default: `''` + ### Parameter: `authenticationType` Specifies the authentication type being used for connecting to the endpoint. If 'KeyBased' is selected, a connection string must be specified (at least the primary connection string). If 'IdentityBased' is selected, the endpointUri and entityPath properties must be specified. + - Required: No - Type: string - Default: `'IdentityBased'` @@ -55,6 +71,7 @@ Specifies the authentication type being used for connecting to the endpoint. If ### Parameter: `deadLetterSecret` Dead letter storage secret for key-based authentication. Will be obfuscated during read. + - Required: No - Type: securestring - Default: `''` @@ -62,19 +79,15 @@ Dead letter storage secret for key-based authentication. Will be obfuscated duri ### Parameter: `deadLetterUri` Dead letter storage URL for identity-based authentication. + - Required: No - Type: string - Default: `''` -### Parameter: `digitalTwinInstanceName` - -The name of the parent Digital Twin Instance resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -82,6 +95,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `endpointUri` The URL of the ServiceBus namespace for identity-based authentication. It must include the protocol 'sb://' (e.g. sb://xyz.servicebus.windows.net). + - Required: No - Type: string - Default: `''` @@ -89,6 +103,7 @@ The URL of the ServiceBus namespace for identity-based authentication. It must i ### Parameter: `entityPath` The ServiceBus Topic name for identity-based authentication. + - Required: No - Type: string - Default: `''` @@ -96,25 +111,27 @@ The ServiceBus Topic name for identity-based authentication. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceId`](#parameter-managedidentitiesuserassignedresourceid) | No | string | Optional. The resource ID to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceId`](#parameter-managedidentitiesuserassignedresourceid) | string | The resource ID to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceId` -Optional. The resource ID to assign to the resource. +The resource ID to assign to the resource. - Required: No - Type: string @@ -122,20 +139,15 @@ Optional. The resource ID to assign to the resource. ### Parameter: `name` The name of the Digital Twin Endpoint. + - Required: No - Type: string - Default: `'ServiceBusEndpoint'` -### Parameter: `primaryConnectionString` - -PrimaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Required if the `authenticationType` is "KeyBased". -- Required: No -- Type: securestring -- Default: `''` - ### Parameter: `secondaryConnectionString` SecondaryConnectionString of the endpoint for key-based authentication. Will be obfuscated during read. Only used if the `authenticationType` is "KeyBased". + - Required: No - Type: securestring - Default: `''` diff --git a/modules/document-db/database-account/README.md b/modules/document-db/database-account/README.md index d9167cbc22..e0e87268ce 100644 --- a/modules/document-db/database-account/README.md +++ b/modules/document-db/database-account/README.md @@ -1385,9 +1385,24 @@ module databaseAccount 'br:bicep/modules/document-db.database-account:1.0.0' = { | [`sqlDatabases`](#parameter-sqldatabases) | array | SQL Databases configurations. | | [`tags`](#parameter-tags) | object | Tags of the Database Account resource. | +### Parameter: `locations` + +Locations enabled for the Cosmos DB account. + +- Required: Yes +- Type: array + +### Parameter: `name` + +Name of the Database Account. + +- Required: Yes +- Type: string + ### Parameter: `automaticFailover` Enable automatic failover for regions. + - Required: No - Type: bool - Default: `True` @@ -1395,6 +1410,7 @@ Enable automatic failover for regions. ### Parameter: `backupIntervalInMinutes` An integer representing the interval in minutes between two backups. Only applies to periodic backup type. + - Required: No - Type: int - Default: `240` @@ -1402,6 +1418,7 @@ An integer representing the interval in minutes between two backups. Only applie ### Parameter: `backupPolicyContinuousTier` Configuration values for continuous mode backup. + - Required: No - Type: string - Default: `'Continuous30Days'` @@ -1416,6 +1433,7 @@ Configuration values for continuous mode backup. ### Parameter: `backupPolicyType` Describes the mode of backups. + - Required: No - Type: string - Default: `'Continuous'` @@ -1430,6 +1448,7 @@ Describes the mode of backups. ### Parameter: `backupRetentionIntervalInHours` An integer representing the time (in hours) that each backup is retained. Only applies to periodic backup type. + - Required: No - Type: int - Default: `8` @@ -1437,6 +1456,7 @@ An integer representing the time (in hours) that each backup is retained. Only a ### Parameter: `backupStorageRedundancy` Enum to indicate type of backup residency. Only applies to periodic backup type. + - Required: No - Type: string - Default: `'Local'` @@ -1452,6 +1472,7 @@ Enum to indicate type of backup residency. Only applies to periodic backup type. ### Parameter: `capabilitiesToAdd` List of Cosmos DB capabilities for the account. + - Required: No - Type: array - Default: `[]` @@ -1470,6 +1491,7 @@ List of Cosmos DB capabilities for the account. ### Parameter: `databaseAccountOfferType` The offer type for the Cosmos DB database account. + - Required: No - Type: string - Default: `'Standard'` @@ -1483,6 +1505,7 @@ The offer type for the Cosmos DB database account. ### Parameter: `defaultConsistencyLevel` The default consistency level of the Cosmos DB account. + - Required: No - Type: string - Default: `'Session'` @@ -1500,114 +1523,90 @@ The default consistency level of the Cosmos DB account. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1615,6 +1614,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1622,6 +1622,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableFreeTier` Flag to indicate whether Free Tier is enabled. + - Required: No - Type: bool - Default: `False` @@ -1629,6 +1630,7 @@ Flag to indicate whether Free Tier is enabled. ### Parameter: `gremlinDatabases` Gremlin Databases configurations. + - Required: No - Type: array - Default: `[]` @@ -1636,39 +1638,43 @@ Gremlin Databases configurations. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `locations` - -Locations enabled for the Cosmos DB account. -- Required: Yes -- Type: array - ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1676,25 +1682,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1702,6 +1710,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `maxIntervalInSeconds` Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Region: 5 to 84600. Multi Region: 300 to 86400. + - Required: No - Type: int - Default: `300` @@ -1709,6 +1718,7 @@ Max lag time (minutes). Required for BoundedStaleness. Valid ranges, Single Regi ### Parameter: `maxStalenessPrefix` Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: 10 to 1000000. Multi Region: 100000 to 1000000. + - Required: No - Type: int - Default: `100000` @@ -1716,210 +1726,255 @@ Max stale requests. Required for BoundedStaleness. Valid ranges, Single Region: ### Parameter: `mongodbDatabases` MongoDB Databases configurations. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -Name of the Database Account. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | Yes | string | Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +**Optional parameters** -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Application security groups in which the private endpoint IP configuration is included. +### Parameter: `privateEndpoints.service` -- Required: No -- Type: array +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -### Parameter: `privateEndpoints.customDnsConfigs` +- Required: Yes +- Type: string -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -- Required: No +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +Version of the condition. - Required: No -- Type: array +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. Array of role assignments to create. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.description` -Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Required. Resource ID of the subnet where the endpoint needs to be created. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1927,74 +1982,96 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalIds' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serverVersion` Specifies the MongoDB server version to use. + - Required: No - Type: string - Default: `'4.2'` @@ -2011,6 +2088,7 @@ Specifies the MongoDB server version to use. ### Parameter: `sqlDatabases` SQL Databases configurations. + - Required: No - Type: array - Default: `[]` @@ -2018,6 +2096,7 @@ SQL Databases configurations. ### Parameter: `tags` Tags of the Database Account resource. + - Required: No - Type: object diff --git a/modules/document-db/database-account/gremlin-database/README.md b/modules/document-db/database-account/gremlin-database/README.md index da1fb97246..df1136e3f0 100644 --- a/modules/document-db/database-account/gremlin-database/README.md +++ b/modules/document-db/database-account/gremlin-database/README.md @@ -41,15 +41,24 @@ This module deploys a Gremlin Database within a CosmosDB Account. | [`tags`](#parameter-tags) | object | Tags of the Gremlin database resource. | | [`throughput`](#parameter-throughput) | int | Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. | +### Parameter: `name` + +Name of the Gremlin database. + +- Required: Yes +- Type: string + ### Parameter: `databaseAccountName` The name of the parent Gremlin database. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -57,6 +66,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `graphs` Array of graphs to deploy in the Gremlin database. + - Required: No - Type: array - Default: `[]` @@ -64,25 +74,22 @@ Array of graphs to deploy in the Gremlin database. ### Parameter: `maxThroughput` Represents maximum throughput, the resource can scale up to. Cannot be set together with `throughput`. If `throughput` is set to something else than -1, this autoscale setting is ignored. + - Required: No - Type: int - Default: `4000` -### Parameter: `name` - -Name of the Gremlin database. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the Gremlin database resource. + - Required: No - Type: object ### Parameter: `throughput` Request Units per second (for example 10000). Cannot be set together with `maxThroughput`. + - Required: No - Type: int - Default: `-1` diff --git a/modules/document-db/database-account/gremlin-database/graph/README.md b/modules/document-db/database-account/gremlin-database/graph/README.md index 6e358a9bfe..3127f1d371 100644 --- a/modules/document-db/database-account/gremlin-database/graph/README.md +++ b/modules/document-db/database-account/gremlin-database/graph/README.md @@ -40,41 +40,47 @@ This module deploys a DocumentDB Database Accounts Gremlin Database Graph. | [`partitionKeyPaths`](#parameter-partitionkeypaths) | array | List of paths using which data within the container can be partitioned. | | [`tags`](#parameter-tags) | object | Tags of the Gremlin graph resource. | +### Parameter: `name` + +Name of the graph. + +- Required: Yes +- Type: string + ### Parameter: `databaseAccountName` The name of the parent Database Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `gremlinDatabaseName` + +The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `gremlinDatabaseName` - -The name of the parent Gremlin Database. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `indexingPolicy` Indexing policy of the graph. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Name of the graph. -- Required: Yes -- Type: string - ### Parameter: `partitionKeyPaths` List of paths using which data within the container can be partitioned. + - Required: No - Type: array - Default: `[]` @@ -82,6 +88,7 @@ List of paths using which data within the container can be partitioned. ### Parameter: `tags` Tags of the Gremlin graph resource. + - Required: No - Type: object diff --git a/modules/document-db/database-account/mongodb-database/README.md b/modules/document-db/database-account/mongodb-database/README.md index 330081f50e..b20e184e59 100644 --- a/modules/document-db/database-account/mongodb-database/README.md +++ b/modules/document-db/database-account/mongodb-database/README.md @@ -39,41 +39,47 @@ This module deploys a MongoDB Database within a CosmosDB Account. | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`throughput`](#parameter-throughput) | int | Name of the mongodb database. | -### Parameter: `collections` +### Parameter: `name` -Collections in the mongodb database. -- Required: No -- Type: array -- Default: `[]` +Name of the mongodb database. + +- Required: Yes +- Type: string ### Parameter: `databaseAccountName` The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `collections` + +Collections in the mongodb database. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -Name of the mongodb database. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `throughput` Name of the mongodb database. + - Required: No - Type: int - Default: `400` diff --git a/modules/document-db/database-account/mongodb-database/collection/README.md b/modules/document-db/database-account/mongodb-database/collection/README.md index ce98977d82..da1fc38cd2 100644 --- a/modules/document-db/database-account/mongodb-database/collection/README.md +++ b/modules/document-db/database-account/mongodb-database/collection/README.md @@ -40,46 +40,53 @@ This module deploys a MongoDB Database Collection. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`throughput`](#parameter-throughput) | int | Name of the mongodb database. | -### Parameter: `databaseAccountName` - -The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `indexes` Indexes for the collection. -- Required: Yes -- Type: array -### Parameter: `mongodbDatabaseName` - -The name of the parent mongodb database. Required if the template is used in a standalone deployment. - Required: Yes -- Type: string +- Type: array ### Parameter: `name` Name of the collection. + - Required: Yes - Type: string ### Parameter: `shardKey` ShardKey for the collection. + - Required: Yes - Type: object +### Parameter: `databaseAccountName` + +The name of the parent Cosmos DB database account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `mongodbDatabaseName` + +The name of the parent mongodb database. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `throughput` Name of the mongodb database. + - Required: No - Type: int - Default: `400` diff --git a/modules/document-db/database-account/sql-database/README.md b/modules/document-db/database-account/sql-database/README.md index bb5beed3eb..96ae778d2c 100644 --- a/modules/document-db/database-account/sql-database/README.md +++ b/modules/document-db/database-account/sql-database/README.md @@ -40,9 +40,24 @@ This module deploys a SQL Database in a CosmosDB Account. | [`tags`](#parameter-tags) | object | Tags of the SQL database resource. | | [`throughput`](#parameter-throughput) | int | Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | +### Parameter: `name` + +Name of the SQL database . + +- Required: Yes +- Type: string + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `autoscaleSettingsMaxThroughput` Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. + - Required: No - Type: int - Default: `-1` @@ -50,38 +65,30 @@ Specifies the Autoscale settings and represents maximum throughput, the resource ### Parameter: `containers` Array of containers to deploy in the SQL database. + - Required: No - Type: array - Default: `[]` -### Parameter: `databaseAccountName` - -The name of the parent Database Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -Name of the SQL database . -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the SQL database resource. + - Required: No - Type: object ### Parameter: `throughput` Request units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. + - Required: No - Type: int - Default: `400` diff --git a/modules/document-db/database-account/sql-database/container/README.md b/modules/document-db/database-account/sql-database/container/README.md index cc46af3c67..8876592f85 100644 --- a/modules/document-db/database-account/sql-database/container/README.md +++ b/modules/document-db/database-account/sql-database/container/README.md @@ -47,9 +47,31 @@ This module deploys a SQL Database Container in a CosmosDB Account. | [`throughput`](#parameter-throughput) | int | Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. | | [`uniqueKeyPolicyKeys`](#parameter-uniquekeypolicykeys) | array | The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. | +### Parameter: `name` + +Name of the container. + +- Required: Yes +- Type: string + +### Parameter: `databaseAccountName` + +The name of the parent Database Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `sqlDatabaseName` + +The name of the parent SQL Database. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `analyticalStorageTtl` Indicates how long data should be retained in the analytical store, for a container. Analytical store is enabled when ATTL is set with a value other than 0. If the value is set to -1, the analytical store retains all historical data, irrespective of the retention of the data in the transactional store. + - Required: No - Type: int - Default: `0` @@ -57,6 +79,7 @@ Indicates how long data should be retained in the analytical store, for a contai ### Parameter: `autoscaleSettingsMaxThroughput` Specifies the Autoscale settings and represents maximum throughput, the resource can scale up to. The autoscale throughput should have valid throughput values between 1000 and 1000000 inclusive in increments of 1000. If value is set to -1, then the property will be set to null and autoscale will be disabled. + - Required: No - Type: int - Default: `-1` @@ -64,19 +87,15 @@ Specifies the Autoscale settings and represents maximum throughput, the resource ### Parameter: `conflictResolutionPolicy` The conflict resolution policy for the container. Conflicts and conflict resolution policies are applicable if the Azure Cosmos DB account is configured with multiple write regions. + - Required: No - Type: object - Default: `{}` -### Parameter: `databaseAccountName` - -The name of the parent Database Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `defaultTtl` Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB provides the ability to delete items automatically from a container after a certain time period. If the value is set to "-1", it is equal to infinity, and items dont expire by default. + - Required: No - Type: int - Default: `-1` @@ -84,6 +103,7 @@ Default time to live (in seconds). With Time to Live or TTL, Azure Cosmos DB pro ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -91,6 +111,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `indexingPolicy` Indexing policy of the container. + - Required: No - Type: object - Default: `{}` @@ -98,6 +119,7 @@ Indexing policy of the container. ### Parameter: `kind` Indicates the kind of algorithm used for partitioning. + - Required: No - Type: string - Default: `'Hash'` @@ -110,34 +132,25 @@ Indicates the kind of algorithm used for partitioning. ] ``` -### Parameter: `name` - -Name of the container. -- Required: Yes -- Type: string - ### Parameter: `paths` List of paths using which data within the container can be partitioned. + - Required: No - Type: array - Default: `[]` -### Parameter: `sqlDatabaseName` - -The name of the parent SQL Database. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the SQL Database resource. + - Required: No - Type: object ### Parameter: `throughput` Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput is used. + - Required: No - Type: int - Default: `400` @@ -145,6 +158,7 @@ Request Units per second. Will be set to null if autoscaleSettingsMaxThroughput ### Parameter: `uniqueKeyPolicyKeys` The unique key policy configuration containing a list of unique keys that enforces uniqueness constraint on documents in the collection in the Azure Cosmos DB service. + - Required: No - Type: array - Default: `[]` diff --git a/modules/event-grid/domain/README.md b/modules/event-grid/domain/README.md index 38f46a6a77..678b989436 100644 --- a/modules/event-grid/domain/README.md +++ b/modules/event-grid/domain/README.md @@ -530,9 +530,17 @@ module domain 'br:bicep/modules/event-grid.domain:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`topics`](#parameter-topics) | array | The topic names which are associated with the domain. | +### Parameter: `name` + +The name of the Event Grid Domain. + +- Required: Yes +- Type: string + ### Parameter: `autoCreateTopicWithFirstSubscription` Location for all Resources. + - Required: No - Type: bool - Default: `True` @@ -540,6 +548,7 @@ Location for all Resources. ### Parameter: `autoDeleteTopicWithLastSubscription` Location for all Resources. + - Required: No - Type: bool - Default: `True` @@ -547,114 +556,90 @@ Location for all Resources. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -662,6 +647,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -669,6 +655,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `inboundIpRules` This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. + - Required: No - Type: array - Default: `[]` @@ -676,6 +663,7 @@ This can be used to restrict traffic from specific IPs instead of all IPs. Note: ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -683,230 +671,283 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the Event Grid Domain. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` -Optional. The name of the private endpoint. +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -914,6 +955,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. + - Required: No - Type: string - Default: `''` @@ -929,80 +971,103 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `topics` The topic names which are associated with the domain. + - Required: No - Type: array - Default: `[]` diff --git a/modules/event-grid/domain/topic/README.md b/modules/event-grid/domain/topic/README.md index f4c4b1a733..6dc88f87ef 100644 --- a/modules/event-grid/domain/topic/README.md +++ b/modules/event-grid/domain/topic/README.md @@ -36,15 +36,24 @@ This module deploys an Event Grid Domain Topic. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | +### Parameter: `name` + +The name of the Event Grid Domain Topic. + +- Required: Yes +- Type: string + ### Parameter: `domainName` The name of the parent Event Grid Domain. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -52,16 +61,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the Event Grid Domain Topic. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/event-grid/system-topic/README.md b/modules/event-grid/system-topic/README.md index c484cc32a3..b901bdc3de 100644 --- a/modules/event-grid/system-topic/README.md +++ b/modules/event-grid/system-topic/README.md @@ -476,117 +476,114 @@ module systemTopic 'br:bicep/modules/event-grid.system-topic:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Event Grid Topic. + +- Required: Yes +- Type: string + +### Parameter: `source` + +Source for the system topic. + +- Required: Yes +- Type: string + +### Parameter: `topicType` + +TopicType for the system topic. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -594,6 +591,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -601,6 +599,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventSubscriptions` Event subscriptions to deploy. + - Required: No - Type: array - Default: `[]` @@ -608,6 +607,7 @@ Event subscriptions to deploy. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -615,26 +615,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -642,121 +651,127 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the Event Grid Topic. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `source` +### Parameter: `roleAssignments.principalType` -Source for the system topic. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `topicType` - -TopicType for the system topic. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/event-grid/system-topic/event-subscription/README.md b/modules/event-grid/system-topic/event-subscription/README.md index f8c63e5e22..397b1c50a7 100644 --- a/modules/event-grid/system-topic/event-subscription/README.md +++ b/modules/event-grid/system-topic/event-subscription/README.md @@ -40,9 +40,31 @@ This module deploys an Event Grid System Topic Event Subscription. | [`location`](#parameter-location) | string | Location for all Resources. | | [`retryPolicy`](#parameter-retrypolicy) | object | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | +### Parameter: `destination` + +The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). + +- Required: Yes +- Type: object + +### Parameter: `name` + +The name of the Event Subscription. + +- Required: Yes +- Type: string + +### Parameter: `systemTopicName` + +Name of the Event Grid System Topic. + +- Required: Yes +- Type: string + ### Parameter: `deadLetterDestination` Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). + - Required: No - Type: object - Default: `{}` @@ -50,6 +72,7 @@ Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/ ### Parameter: `deadLetterWithResourceIdentity` Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). + - Required: No - Type: object - Default: `{}` @@ -57,19 +80,15 @@ Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.c ### Parameter: `deliveryWithResourceIdentity` Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). + - Required: No - Type: object - Default: `{}` -### Parameter: `destination` - -The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). -- Required: Yes -- Type: object - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -77,6 +96,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventDeliverySchema` The event delivery schema for the event subscription. + - Required: No - Type: string - Default: `'EventGridSchema'` @@ -93,6 +113,7 @@ The event delivery schema for the event subscription. ### Parameter: `expirationTimeUtc` The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). + - Required: No - Type: string - Default: `''` @@ -100,6 +121,7 @@ The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTH ### Parameter: `filter` The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). + - Required: No - Type: object - Default: `{}` @@ -107,6 +129,7 @@ The filter for the event subscription. (See https://learn.microsoft.com/en-us/az ### Parameter: `labels` The list of user defined labels. + - Required: No - Type: array - Default: `[]` @@ -114,29 +137,19 @@ The list of user defined labels. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the Event Subscription. -- Required: Yes -- Type: string - ### Parameter: `retryPolicy` The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. + - Required: No - Type: object - Default: `{}` -### Parameter: `systemTopicName` - -Name of the Event Grid System Topic. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/event-grid/topic/README.md b/modules/event-grid/topic/README.md index a00df258c6..2abc6b61c7 100644 --- a/modules/event-grid/topic/README.md +++ b/modules/event-grid/topic/README.md @@ -612,117 +612,100 @@ module topic 'br:bicep/modules/event-grid.topic:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Event Grid Topic. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -730,6 +713,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -737,6 +721,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventSubscriptions` Event subscriptions to deploy. + - Required: No - Type: array - Default: `[]` @@ -744,6 +729,7 @@ Event subscriptions to deploy. ### Parameter: `inboundIpRules` This can be used to restrict traffic from specific IPs instead of all IPs. Note: These are considered only if PublicNetworkAccess is enabled. + - Required: No - Type: array - Default: `[]` @@ -751,6 +737,7 @@ This can be used to restrict traffic from specific IPs instead of all IPs. Note: ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -758,230 +745,283 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the Event Grid Topic. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` -Optional. The name of the private endpoint. +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -989,6 +1029,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and inboundIpRules are not set. + - Required: No - Type: string - Default: `''` @@ -1004,74 +1045,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/event-grid/topic/event-subscription/README.md b/modules/event-grid/topic/event-subscription/README.md index 5ca0bc97ca..aa6ab314d5 100644 --- a/modules/event-grid/topic/event-subscription/README.md +++ b/modules/event-grid/topic/event-subscription/README.md @@ -40,9 +40,31 @@ This module deploys an Event Grid Topic Event Subscription. | [`location`](#parameter-location) | string | Location for all Resources. | | [`retryPolicy`](#parameter-retrypolicy) | object | The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. | +### Parameter: `destination` + +The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). + +- Required: Yes +- Type: object + +### Parameter: `name` + +The name of the Event Subscription. + +- Required: Yes +- Type: string + +### Parameter: `topicName` + +Name of the Event Grid Topic. + +- Required: Yes +- Type: string + ### Parameter: `deadLetterDestination` Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterdestination-objects for more information). + - Required: No - Type: object - Default: `{}` @@ -50,6 +72,7 @@ Dead Letter Destination. (See https://learn.microsoft.com/en-us/azure/templates/ ### Parameter: `deadLetterWithResourceIdentity` Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deadletterwithresourceidentity-objects for more information). + - Required: No - Type: object - Default: `{}` @@ -57,19 +80,15 @@ Dead Letter with Resource Identity Configuration. (See https://learn.microsoft.c ### Parameter: `deliveryWithResourceIdentity` Delivery with Resource Identity Configuration. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#deliverywithresourceidentity-objects for more information). + - Required: No - Type: object - Default: `{}` -### Parameter: `destination` - -The destination for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptiondestination-objects for more information). -- Required: Yes -- Type: object - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -77,6 +96,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventDeliverySchema` The event delivery schema for the event subscription. + - Required: No - Type: string - Default: `'EventGridSchema'` @@ -93,6 +113,7 @@ The event delivery schema for the event subscription. ### Parameter: `expirationTimeUtc` The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTHH:mm:ssZ). + - Required: No - Type: string - Default: `''` @@ -100,6 +121,7 @@ The expiration time for the event subscription. Format is ISO-8601 (yyyy-MM-ddTH ### Parameter: `filter` The filter for the event subscription. (See https://learn.microsoft.com/en-us/azure/templates/microsoft.eventgrid/eventsubscriptions?pivots=deployment-language-bicep#eventsubscriptionfilter for more information). + - Required: No - Type: object - Default: `{}` @@ -107,6 +129,7 @@ The filter for the event subscription. (See https://learn.microsoft.com/en-us/az ### Parameter: `labels` The list of user defined labels. + - Required: No - Type: array - Default: `[]` @@ -114,29 +137,19 @@ The list of user defined labels. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the Event Subscription. -- Required: Yes -- Type: string - ### Parameter: `retryPolicy` The retry policy for events. This can be used to configure the TTL and maximum number of delivery attempts and time to live for events. + - Required: No - Type: object - Default: `{}` -### Parameter: `topicName` - -Name of the Event Grid Topic. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/event-hub/namespace/README.md b/modules/event-hub/namespace/README.md index faca598780..a7afa4ab37 100644 --- a/modules/event-hub/namespace/README.md +++ b/modules/event-hub/namespace/README.md @@ -1114,9 +1114,17 @@ module namespace 'br:bicep/modules/event-hub.namespace:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the Event Hub Namespace zone redundant. | +### Parameter: `name` + +The name of the event hub namespace. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the Event Hub namespace. + - Required: No - Type: array - Default: @@ -1136,41 +1144,48 @@ Authorization Rules for the Event Hub namespace. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -1178,114 +1193,90 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1293,6 +1284,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAuth` This property disables SAS authentication for the Event Hubs namespace. + - Required: No - Type: bool - Default: `True` @@ -1300,6 +1292,7 @@ This property disables SAS authentication for the Event Hubs namespace. ### Parameter: `disasterRecoveryConfig` The disaster recovery config for this namespace. + - Required: No - Type: object - Default: `{}` @@ -1307,6 +1300,7 @@ The disaster recovery config for this namespace. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1314,6 +1308,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventhubs` The event hubs to deploy into this namespace. + - Required: No - Type: array - Default: `[]` @@ -1321,6 +1316,7 @@ The event hubs to deploy into this namespace. ### Parameter: `isAutoInflateEnabled` Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supported in Premium SKU EventHub. + - Required: No - Type: bool - Default: `False` @@ -1328,6 +1324,7 @@ Switch to enable the Auto Inflate feature of Event Hub. Auto Inflate is not supp ### Parameter: `kafkaEnabled` Value that indicates whether Kafka is enabled for Event Hubs Namespace. + - Required: No - Type: bool - Default: `False` @@ -1335,6 +1332,7 @@ Value that indicates whether Kafka is enabled for Event Hubs Namespace. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1342,26 +1340,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1369,25 +1376,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1395,6 +1404,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `maximumThroughputUnits` Upper limit of throughput units when AutoInflate is enabled, value should be within 0 to 20 throughput units. + - Required: No - Type: int - Default: `1` @@ -1402,6 +1412,7 @@ Upper limit of throughput units when AutoInflate is enabled, value should be wit ### Parameter: `minimumTlsVersion` The minimum TLS version for the cluster to support. + - Required: No - Type: string - Default: `'1.2'` @@ -1414,15 +1425,10 @@ The minimum TLS version for the cluster to support. ] ``` -### Parameter: `name` - -The name of the event hub namespace. -- Required: Yes -- Type: string - ### Parameter: `networkRuleSets` Configure networking options. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. + - Required: No - Type: object - Default: `{}` @@ -1430,197 +1436,247 @@ Configure networking options. This object contains IPs/Subnets to allow or restr ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1628,6 +1684,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1644,6 +1701,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `requireInfrastructureEncryption` Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. + - Required: No - Type: bool - Default: `False` @@ -1651,74 +1709,96 @@ Enable infrastructure encryption (double encryption). Note, this setting require ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuCapacity` The Event Hub's throughput units for Basic or Standard tiers, where value should be 0 to 20 throughput units. The Event Hubs premium units for Premium tier, where value should be 0 to 10 premium units. + - Required: No - Type: int - Default: `1` @@ -1726,6 +1806,7 @@ The Event Hub's throughput units for Basic or Standard tiers, where value should ### Parameter: `skuName` event hub plan SKU name. + - Required: No - Type: string - Default: `'Standard'` @@ -1741,12 +1822,14 @@ event hub plan SKU name. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zoneRedundant` Switch to make the Event Hub Namespace zone redundant. + - Required: No - Type: bool - Default: `False` diff --git a/modules/event-hub/namespace/authorization-rule/README.md b/modules/event-hub/namespace/authorization-rule/README.md index dfb4d84591..430a336800 100644 --- a/modules/event-hub/namespace/authorization-rule/README.md +++ b/modules/event-hub/namespace/authorization-rule/README.md @@ -36,28 +36,32 @@ This module deploys an Event Hub Namespace Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the authorization rule. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent event hub namespace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/event-hub/namespace/disaster-recovery-config/README.md b/modules/event-hub/namespace/disaster-recovery-config/README.md index d9ccac42a8..5587dbcbd0 100644 --- a/modules/event-hub/namespace/disaster-recovery-config/README.md +++ b/modules/event-hub/namespace/disaster-recovery-config/README.md @@ -36,28 +36,32 @@ This module deploys an Event Hub Namespace Disaster Recovery Config. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`partnerNamespaceId`](#parameter-partnernamespaceid) | string | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the disaster recovery config. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent event hub namespace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `partnerNamespaceId` Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. + - Required: No - Type: string - Default: `''` diff --git a/modules/event-hub/namespace/eventhub/README.md b/modules/event-hub/namespace/eventhub/README.md index 2b6f569738..cd1f41f928 100644 --- a/modules/event-hub/namespace/eventhub/README.md +++ b/modules/event-hub/namespace/eventhub/README.md @@ -58,9 +58,24 @@ This module deploys an Event Hub Namespace Event Hub. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`status`](#parameter-status) | string | Enumerates the possible values for the status of the Event Hub. | +### Parameter: `name` + +The name of the event hub. + +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the event hub. + - Required: No - Type: array - Default: @@ -80,6 +95,7 @@ Authorization Rules for the event hub. ### Parameter: `captureDescriptionDestinationArchiveNameFormat` Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}. Here all the parameters (Namespace,EventHub .. etc) are mandatory irrespective of order. + - Required: No - Type: string - Default: `'{Namespace}/{EventHub}/{PartitionId}/{Year}/{Month}/{Day}/{Hour}/{Minute}/{Second}'` @@ -87,6 +103,7 @@ Blob naming convention for archive, e.g. {Namespace}/{EventHub}/{PartitionId}/{Y ### Parameter: `captureDescriptionDestinationBlobContainer` Blob container Name. + - Required: No - Type: string - Default: `''` @@ -94,6 +111,7 @@ Blob container Name. ### Parameter: `captureDescriptionDestinationName` Name for capture destination. + - Required: No - Type: string - Default: `'EventHubArchive.AzureBlockBlob'` @@ -101,6 +119,7 @@ Name for capture destination. ### Parameter: `captureDescriptionDestinationStorageAccountResourceId` Resource ID of the storage account to be used to create the blobs. + - Required: No - Type: string - Default: `''` @@ -108,6 +127,7 @@ Resource ID of the storage account to be used to create the blobs. ### Parameter: `captureDescriptionEnabled` A value that indicates whether capture description is enabled. + - Required: No - Type: bool - Default: `False` @@ -115,6 +135,7 @@ A value that indicates whether capture description is enabled. ### Parameter: `captureDescriptionEncoding` Enumerates the possible values for the encoding format of capture description. Note: "AvroDeflate" will be deprecated in New API Version. + - Required: No - Type: string - Default: `'Avro'` @@ -129,6 +150,7 @@ Enumerates the possible values for the encoding format of capture description. N ### Parameter: `captureDescriptionIntervalInSeconds` The time window allows you to set the frequency with which the capture to Azure Blobs will happen. + - Required: No - Type: int - Default: `300` @@ -136,6 +158,7 @@ The time window allows you to set the frequency with which the capture to Azure ### Parameter: `captureDescriptionSizeLimitInBytes` The size window defines the amount of data built up in your Event Hub before an capture operation. + - Required: No - Type: int - Default: `314572800` @@ -143,6 +166,7 @@ The size window defines the amount of data built up in your Event Hub before an ### Parameter: `captureDescriptionSkipEmptyArchives` A value that indicates whether to Skip Empty Archives. + - Required: No - Type: bool - Default: `False` @@ -150,6 +174,7 @@ A value that indicates whether to Skip Empty Archives. ### Parameter: `consumergroups` The consumer groups to create in this event hub instance. + - Required: No - Type: array - Default: @@ -164,6 +189,7 @@ The consumer groups to create in this event hub instance. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -171,26 +197,35 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -198,25 +233,15 @@ Optional. Specify the name of lock. ### Parameter: `messageRetentionInDays` Number of days to retain the events for this Event Hub, value should be 1 to 7 days. Will be automatically set to infinite retention if cleanup policy is set to "Compact". + - Required: No - Type: int - Default: `1` -### Parameter: `name` - -The name of the event hub. -- Required: Yes -- Type: string - -### Parameter: `namespaceName` - -The name of the parent event hub namespace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `partitionCount` Number of partitions created for the Event Hub, allowed values are from 1 to 32 partitions. + - Required: No - Type: int - Default: `2` @@ -224,6 +249,7 @@ Number of partitions created for the Event Hub, allowed values are from 1 to 32 ### Parameter: `retentionDescriptionCleanupPolicy` Retention cleanup policy. Enumerates the possible values for cleanup policy. + - Required: No - Type: string - Default: `'Delete'` @@ -238,6 +264,7 @@ Retention cleanup policy. Enumerates the possible values for cleanup policy. ### Parameter: `retentionDescriptionRetentionTimeInHours` Retention time in hours. Number of hours to retain the events for this Event Hub. This value is only used when cleanupPolicy is Delete. If cleanupPolicy is Compact the returned value of this property is Long.MaxValue. + - Required: No - Type: int - Default: `1` @@ -245,6 +272,7 @@ Retention time in hours. Number of hours to retain the events for this Event Hub ### Parameter: `retentionDescriptionTombstoneRetentionTimeInHours` Retention cleanup policy. Number of hours to retain the tombstone markers of a compacted Event Hub. This value is only used when cleanupPolicy is Compact. Consumer must complete reading the tombstone marker within this specified amount of time if consumer begins from starting offset to ensure they get a valid snapshot for the specific key described by the tombstone marker within the compacted Event Hub. + - Required: No - Type: int - Default: `1` @@ -252,74 +280,96 @@ Retention cleanup policy. Number of hours to retain the tombstone markers of a c ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `status` Enumerates the possible values for the status of the Event Hub. + - Required: No - Type: string - Default: `'Active'` diff --git a/modules/event-hub/namespace/eventhub/authorization-rule/README.md b/modules/event-hub/namespace/eventhub/authorization-rule/README.md index 4880cabcbd..f0679730be 100644 --- a/modules/event-hub/namespace/eventhub/authorization-rule/README.md +++ b/modules/event-hub/namespace/eventhub/authorization-rule/README.md @@ -37,34 +37,39 @@ This module deploys an Event Hub Namespace Event Hub Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `name` -### Parameter: `eventHubName` +The name of the authorization rule. -The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `name` +### Parameter: `eventHubName` + +The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. -The name of the authorization rule. - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent event hub namespace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/event-hub/namespace/eventhub/consumergroup/README.md b/modules/event-hub/namespace/eventhub/consumergroup/README.md index 589b4fa044..7a0da60dee 100644 --- a/modules/event-hub/namespace/eventhub/consumergroup/README.md +++ b/modules/event-hub/namespace/eventhub/consumergroup/README.md @@ -37,34 +37,39 @@ This module deploys an Event Hub Namespace Event Hub Consumer Group. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`userMetadata`](#parameter-usermetadata) | string | User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `name` -### Parameter: `eventHubName` +The name of the consumer group. -The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `name` +### Parameter: `eventHubName` + +The name of the parent event hub namespace event hub. Required if the template is used in a standalone deployment. -The name of the consumer group. - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent event hub namespace. Required if the template is used in a standalone deployment.s. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `userMetadata` User Metadata is a placeholder to store user-defined string data with maximum length 1024. e.g. it can be used to store descriptive data, such as list of teams and their contact information also user-defined configuration settings can be stored. + - Required: No - Type: string - Default: `''` diff --git a/modules/event-hub/namespace/network-rule-set/README.md b/modules/event-hub/namespace/network-rule-set/README.md index ff9c6bb262..55f4143a56 100644 --- a/modules/event-hub/namespace/network-rule-set/README.md +++ b/modules/event-hub/namespace/network-rule-set/README.md @@ -34,9 +34,17 @@ This module deploys an Event Hub Namespace Network Rule Set. | [`trustedServiceAccessEnabled`](#parameter-trustedserviceaccessenabled) | bool | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | | [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +### Parameter: `namespaceName` + +The name of the parent event hub namespace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `defaultAction` Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. + - Required: No - Type: string - Default: `'Allow'` @@ -51,6 +59,7 @@ Default Action for Network Rule Set. Default is "Allow". It will not be set if p ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -58,19 +67,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ipRules` An array of objects for the public IP ranges you want to allow via the Event Hub Namespace firewall. Supports IPv4 address or CIDR. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". + - Required: No - Type: array - Default: `[]` -### Parameter: `namespaceName` - -The name of the parent event hub namespace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. + - Required: No - Type: string - Default: `'Enabled'` @@ -85,6 +90,7 @@ This determines if traffic is allowed over public network. Default is "Enabled". ### Parameter: `trustedServiceAccessEnabled` Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". + - Required: No - Type: bool - Default: `True` @@ -92,6 +98,7 @@ Value that indicates whether Trusted Service Access is enabled or not. Default i ### Parameter: `virtualNetworkRules` An array of subnet resource ID objects that this Event Hub Namespace is exposed to via Service Endpoints. You can enable the `ignoreMissingVnetServiceEndpoint` if you wish to add this virtual network to Event Hub Namespace but do not have an existing service endpoint. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". + - Required: No - Type: array - Default: `[]` diff --git a/modules/health-bot/health-bot/README.md b/modules/health-bot/health-bot/README.md index 6bc9b8f4a7..3b796cfb65 100644 --- a/modules/health-bot/health-bot/README.md +++ b/modules/health-bot/health-bot/README.md @@ -311,9 +311,32 @@ module healthBot 'br:bicep/modules/health-bot.health-bot:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the resource. + +- Required: Yes +- Type: string + +### Parameter: `sku` + +The name of the Azure Health Bot SKU. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'C0' + 'F0' + 'S1' + ] + ``` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -321,6 +344,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -328,26 +352,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -355,112 +388,116 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array -### Parameter: `name` - -Name of the resource. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `sku` +### Parameter: `roleAssignments.principalType` -The name of the Azure Health Bot SKU. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string - Allowed: ```Bicep [ - 'C0' - 'F0' - 'S1' + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' ] ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/healthcare-apis/workspace/README.md b/modules/healthcare-apis/workspace/README.md index c16881ae98..8b7c4da9e7 100644 --- a/modules/healthcare-apis/workspace/README.md +++ b/modules/healthcare-apis/workspace/README.md @@ -683,9 +683,17 @@ module workspace 'br:bicep/modules/healthcare-apis.workspace:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Health Data Services Workspace service. + +- Required: Yes +- Type: string + ### Parameter: `dicomservices` Deploy DICOM services. + - Required: No - Type: array - Default: `[]` @@ -693,6 +701,7 @@ Deploy DICOM services. ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -700,6 +709,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `fhirservices` Deploy FHIR services. + - Required: No - Type: array - Default: `[]` @@ -707,6 +717,7 @@ Deploy FHIR services. ### Parameter: `iotconnectors` Deploy IOT connectors. + - Required: No - Type: array - Default: `[]` @@ -714,6 +725,7 @@ Deploy IOT connectors. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -721,39 +733,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the Health Data Services Workspace service. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` Control permission for data plane traffic coming from public networks while private endpoint is enabled. + - Required: No - Type: string - Default: `'Disabled'` @@ -768,74 +784,96 @@ Control permission for data plane traffic coming from public networks while priv ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/healthcare-apis/workspace/dicomservice/README.md b/modules/healthcare-apis/workspace/dicomservice/README.md index c90f58ca21..454ed418e7 100644 --- a/modules/healthcare-apis/workspace/dicomservice/README.md +++ b/modules/healthcare-apis/workspace/dicomservice/README.md @@ -48,9 +48,24 @@ This module deploys a Healthcare API Workspace DICOM Service. | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | Control permission for data plane traffic coming from public networks while private endpoint is enabled. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the DICOM service. + +- Required: Yes +- Type: string + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `corsAllowCredentials` Use this setting to indicate that cookies should be included in CORS requests. + - Required: No - Type: bool - Default: `False` @@ -58,6 +73,7 @@ Use this setting to indicate that cookies should be included in CORS requests. ### Parameter: `corsHeaders` Specify HTTP headers which can be used during the request. Use "*" for any header. + - Required: No - Type: array - Default: `[]` @@ -65,6 +81,7 @@ Specify HTTP headers which can be used during the request. Use "*" for any heade ### Parameter: `corsMaxAge` Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. + - Required: No - Type: int - Default: `-1` @@ -72,6 +89,7 @@ Specify how long a result from a request can be cached in seconds. Example: 600 ### Parameter: `corsMethods` Specify the allowed HTTP methods. + - Required: No - Type: array - Default: `[]` @@ -90,6 +108,7 @@ Specify the allowed HTTP methods. ### Parameter: `corsOrigins` Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. + - Required: No - Type: array - Default: `[]` @@ -97,114 +116,90 @@ Specify URLs of origin sites that can access this API, or use "*" to allow acces ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -212,6 +207,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -219,6 +215,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -226,26 +223,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -253,38 +259,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the DICOM service. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` Control permission for data plane traffic coming from public networks while private endpoint is enabled. + - Required: No - Type: string - Default: `'Disabled'` @@ -299,15 +302,10 @@ Control permission for data plane traffic coming from public networks while priv ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `workspaceName` - -The name of the parent health data services workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/healthcare-apis/workspace/fhirservice/README.md b/modules/healthcare-apis/workspace/fhirservice/README.md index 958af930d2..a5e3cad81d 100644 --- a/modules/healthcare-apis/workspace/fhirservice/README.md +++ b/modules/healthcare-apis/workspace/fhirservice/README.md @@ -64,9 +64,24 @@ This module deploys a Healthcare API Workspace FHIR Service. | [`smartProxyEnabled`](#parameter-smartproxyenabled) | bool | If the SMART on FHIR proxy is enabled. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the FHIR service. + +- Required: Yes +- Type: string + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `accessPolicyObjectIds` List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR service. + - Required: No - Type: array - Default: `[]` @@ -74,6 +89,7 @@ List of Azure AD object IDs (User or Apps) that is allowed access to the FHIR se ### Parameter: `acrLoginServers` The list of the Azure container registry login servers. + - Required: No - Type: array - Default: `[]` @@ -81,6 +97,7 @@ The list of the Azure container registry login servers. ### Parameter: `acrOciArtifacts` The list of Open Container Initiative (OCI) artifacts. + - Required: No - Type: array - Default: `[]` @@ -88,6 +105,7 @@ The list of Open Container Initiative (OCI) artifacts. ### Parameter: `authenticationAudience` The audience url for the service. + - Required: No - Type: string - Default: `[format('https://{0}-{1}.fhir.azurehealthcareapis.com', parameters('workspaceName'), parameters('name'))]` @@ -95,6 +113,7 @@ The audience url for the service. ### Parameter: `authenticationAuthority` The authority url for the service. + - Required: No - Type: string - Default: `[uri(environment().authentication.loginEndpoint, subscription().tenantId)]` @@ -102,6 +121,7 @@ The authority url for the service. ### Parameter: `corsAllowCredentials` Use this setting to indicate that cookies should be included in CORS requests. + - Required: No - Type: bool - Default: `False` @@ -109,6 +129,7 @@ Use this setting to indicate that cookies should be included in CORS requests. ### Parameter: `corsHeaders` Specify HTTP headers which can be used during the request. Use "*" for any header. + - Required: No - Type: array - Default: `[]` @@ -116,6 +137,7 @@ Specify HTTP headers which can be used during the request. Use "*" for any heade ### Parameter: `corsMaxAge` Specify how long a result from a request can be cached in seconds. Example: 600 means 10 minutes. + - Required: No - Type: int - Default: `-1` @@ -123,6 +145,7 @@ Specify how long a result from a request can be cached in seconds. Example: 600 ### Parameter: `corsMethods` Specify the allowed HTTP methods. + - Required: No - Type: array - Default: `[]` @@ -141,6 +164,7 @@ Specify the allowed HTTP methods. ### Parameter: `corsOrigins` Specify URLs of origin sites that can access this API, or use "*" to allow access from any site. + - Required: No - Type: array - Default: `[]` @@ -148,114 +172,90 @@ Specify URLs of origin sites that can access this API, or use "*" to allow acces ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -263,6 +263,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -270,6 +271,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `exportStorageAccountName` The name of the default export storage account. + - Required: No - Type: string - Default: `''` @@ -277,6 +279,7 @@ The name of the default export storage account. ### Parameter: `importEnabled` If the import operation is enabled. + - Required: No - Type: bool - Default: `False` @@ -284,6 +287,7 @@ If the import operation is enabled. ### Parameter: `importStorageAccountName` The name of the default integration storage account. + - Required: No - Type: string - Default: `''` @@ -291,6 +295,7 @@ The name of the default integration storage account. ### Parameter: `initialImportMode` If the FHIR service is in InitialImportMode. + - Required: No - Type: bool - Default: `False` @@ -298,6 +303,7 @@ If the FHIR service is in InitialImportMode. ### Parameter: `kind` The kind of the service. Defaults to R4. + - Required: No - Type: string - Default: `'fhir-R4'` @@ -312,6 +318,7 @@ The kind of the service. Defaults to R4. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -319,26 +326,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -346,38 +362,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the FHIR service. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` Control permission for data plane traffic coming from public networks while private endpoint is enabled. + - Required: No - Type: string - Default: `'Disabled'` @@ -392,6 +405,7 @@ Control permission for data plane traffic coming from public networks while priv ### Parameter: `resourceVersionOverrides` A list of FHIR Resources and their version policy overrides. + - Required: No - Type: object - Default: `{}` @@ -399,6 +413,7 @@ A list of FHIR Resources and their version policy overrides. ### Parameter: `resourceVersionPolicy` The default value for tracking history across all resources. + - Required: No - Type: string - Default: `'versioned'` @@ -414,74 +429,96 @@ The default value for tracking history across all resources. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `smartProxyEnabled` If the SMART on FHIR proxy is enabled. + - Required: No - Type: bool - Default: `False` @@ -489,15 +526,10 @@ If the SMART on FHIR proxy is enabled. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `workspaceName` - -The name of the parent health data services workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/healthcare-apis/workspace/iotconnector/README.md b/modules/healthcare-apis/workspace/iotconnector/README.md index 9b64e6e344..72dff50dec 100644 --- a/modules/healthcare-apis/workspace/iotconnector/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/README.md @@ -49,16 +49,10 @@ This module deploys a Healthcare API Workspace IoT Connector. | [`managedIdentities`](#parameter-managedidentities) | object | The managed identity definition for this resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | -### Parameter: `consumerGroup` - -Consumer group of the event hub to connected to. -- Required: No -- Type: string -- Default: `[parameters('name')]` - ### Parameter: `deviceMapping` The mapping JSON that determines how incoming device data is normalized. + - Required: No - Type: object - Default: @@ -69,117 +63,129 @@ The mapping JSON that determines how incoming device data is normalized. } ``` -### Parameter: `diagnosticSettings` +### Parameter: `eventHubName` -The diagnostic settings of the service. -- Required: No -- Type: array +Event Hub name to connect to. +- Required: Yes +- Type: string -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +### Parameter: `eventHubNamespaceName` -### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` +Namespace of the Event Hub to connect to. -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +- Required: Yes +- Type: string -- Required: No +### Parameter: `name` + +The name of the MedTech service. + +- Required: Yes - Type: string -### Parameter: `diagnosticSettings.eventHubName` +### Parameter: `workspaceName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. -- Required: No +- Required: Yes - Type: string -### Parameter: `diagnosticSettings.logAnalyticsDestinationType` +### Parameter: `consumerGroup` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +Consumer group of the event hub to connected to. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Default: `[parameters('name')]` -### Parameter: `diagnosticSettings.logCategoriesAndGroups` +### Parameter: `diagnosticSettings` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The diagnostic settings of the service. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` +### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` +### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string +### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -### Parameter: `diagnosticSettings.marketplacePartnerResourceId` - -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` -### Parameter: `diagnosticSettings.metricCategories` +### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` +### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. -- Required: Yes +- Required: No - Type: string +### Parameter: `diagnosticSettings.metricCategories` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -187,25 +193,15 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `eventHubName` - -Event Hub name to connect to. -- Required: Yes -- Type: string - -### Parameter: `eventHubNamespaceName` - -Namespace of the Event Hub to connect to. -- Required: Yes -- Type: string - ### Parameter: `fhirdestination` FHIR Destination. + - Required: No - Type: object - Default: `{}` @@ -213,6 +209,7 @@ FHIR Destination. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -220,26 +217,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -247,47 +253,38 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the MedTech service. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `workspaceName` - -The name of the parent health data services workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md index 3e561c8be8..2b4f0ee464 100644 --- a/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md +++ b/modules/healthcare-apis/workspace/iotconnector/fhirdestination/README.md @@ -44,6 +44,7 @@ This module deploys a Healthcare API Workspace IoT Connector FHIR Destination. ### Parameter: `destinationMapping` The mapping JSON that determines how normalized data is converted to FHIR Observations. + - Required: No - Type: object - Default: @@ -54,41 +55,54 @@ The mapping JSON that determines how normalized data is converted to FHIR Observ } ``` -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via the Customer Usage Attribution ID (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `fhirServiceResourceId` The resource identifier of the FHIR Service to connect to. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the FHIR destination. + - Required: Yes - Type: string ### Parameter: `iotConnectorName` The name of the MedTech service to add this destination to. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `workspaceName` + +The name of the parent health data services workspace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the FHIR destination. -- Required: Yes -- Type: string - ### Parameter: `resourceIdentityResolutionType` Determines how resource identity is resolved on the destination. + - Required: No - Type: string - Default: `'Lookup'` @@ -100,12 +114,6 @@ Determines how resource identity is resolved on the destination. ] ``` -### Parameter: `workspaceName` - -The name of the parent health data services workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/insights/action-group/README.md b/modules/insights/action-group/README.md index 36196c3663..c5087c691b 100644 --- a/modules/insights/action-group/README.md +++ b/modules/insights/action-group/README.md @@ -358,9 +358,24 @@ module actionGroup 'br:bicep/modules/insights.action-group:1.0.0' = { | [`voiceReceivers`](#parameter-voicereceivers) | array | The list of voice receivers that are part of this action group. | | [`webhookReceivers`](#parameter-webhookreceivers) | array | The list of webhook receivers that are part of this action group. | +### Parameter: `groupShortName` + +The short name of the action group. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the action group. + +- Required: Yes +- Type: string + ### Parameter: `armRoleReceivers` The list of ARM role receivers that are part of this action group. Roles are Azure RBAC roles and only built-in roles are supported. + - Required: No - Type: array - Default: `[]` @@ -368,6 +383,7 @@ The list of ARM role receivers that are part of this action group. Roles are Azu ### Parameter: `automationRunbookReceivers` The list of AutomationRunbook receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -375,6 +391,7 @@ The list of AutomationRunbook receivers that are part of this action group. ### Parameter: `azureAppPushReceivers` The list of AzureAppPush receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -382,6 +399,7 @@ The list of AzureAppPush receivers that are part of this action group. ### Parameter: `azureFunctionReceivers` The list of function receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -389,6 +407,7 @@ The list of function receivers that are part of this action group. ### Parameter: `emailReceivers` The list of email receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -396,6 +415,7 @@ The list of email receivers that are part of this action group. ### Parameter: `enabled` Indicates whether this action group is enabled. If an action group is not enabled, then none of its receivers will receive communications. + - Required: No - Type: bool - Default: `True` @@ -403,19 +423,15 @@ Indicates whether this action group is enabled. If an action group is not enable ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `groupShortName` - -The short name of the action group. -- Required: Yes -- Type: string - ### Parameter: `itsmReceivers` The list of ITSM receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -423,6 +439,7 @@ The list of ITSM receivers that are part of this action group. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `'global'` @@ -430,87 +447,104 @@ Location for all resources. ### Parameter: `logicAppReceivers` The list of logic app receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The name of the action group. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `smsReceivers` The list of SMS receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -518,12 +552,14 @@ The list of SMS receivers that are part of this action group. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `voiceReceivers` The list of voice receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` @@ -531,6 +567,7 @@ The list of voice receivers that are part of this action group. ### Parameter: `webhookReceivers` The list of webhook receivers that are part of this action group. + - Required: No - Type: array - Default: `[]` diff --git a/modules/insights/activity-log-alert/README.md b/modules/insights/activity-log-alert/README.md index d6bec73204..b7efef2649 100644 --- a/modules/insights/activity-log-alert/README.md +++ b/modules/insights/activity-log-alert/README.md @@ -379,9 +379,24 @@ module activityLogAlert 'br:bicep/modules/insights.activity-log-alert:1.0.0' = { | [`scopes`](#parameter-scopes) | array | The list of resource IDs that this Activity Log Alert is scoped to. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `conditions` + +An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). + +- Required: Yes +- Type: array + +### Parameter: `name` + +The name of the alert. + +- Required: Yes +- Type: string + ### Parameter: `actions` The list of actions to take when alert triggers. + - Required: No - Type: array - Default: `[]` @@ -389,19 +404,15 @@ The list of actions to take when alert triggers. ### Parameter: `alertDescription` Description of the alert. + - Required: No - Type: string - Default: `''` -### Parameter: `conditions` - -An Array of objects containing conditions that will cause this alert to activate. Conditions can also be combined with logical operators `allOf` and `anyOf`. Each condition can specify only one field between `equals` and `containsAny`. An alert rule condition must have exactly one category (Administrative, ServiceHealth, ResourceHealth, Alert, Autoscale, Recommendation, Security, or Policy). -- Required: Yes -- Type: array - ### Parameter: `enabled` Indicates whether this alert is enabled. + - Required: No - Type: bool - Default: `True` @@ -409,6 +420,7 @@ Indicates whether this alert is enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -416,87 +428,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `'global'` -### Parameter: `name` - -The name of the alert. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scopes` The list of resource IDs that this Activity Log Alert is scoped to. + - Required: No - Type: array - Default: @@ -509,6 +538,7 @@ The list of resource IDs that this Activity Log Alert is scoped to. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/insights/component/README.md b/modules/insights/component/README.md index 49d3a6a122..71509c45e5 100644 --- a/modules/insights/component/README.md +++ b/modules/insights/component/README.md @@ -330,9 +330,24 @@ module component 'br:bicep/modules/insights.component:1.0.0' = { | [`samplingPercentage`](#parameter-samplingpercentage) | int | Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Application Insights. + +- Required: Yes +- Type: string + +### Parameter: `workspaceResourceId` + +Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. + +- Required: Yes +- Type: string + ### Parameter: `applicationType` Application type. + - Required: No - Type: string - Default: `'web'` @@ -347,114 +362,90 @@ Application type. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -462,6 +453,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -469,6 +461,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `kind` The kind of application that this component refers to, used to customize UI. This value is a freeform string, values should typically be one of the following: web, ios, other, store, java, phone. + - Required: No - Type: string - Default: `''` @@ -476,19 +469,15 @@ The kind of application that this component refers to, used to customize UI. Thi ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the Application Insights. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccessForIngestion` The network access type for accessing Application Insights ingestion. - Enabled or Disabled. + - Required: No - Type: string - Default: `'Enabled'` @@ -503,6 +492,7 @@ The network access type for accessing Application Insights ingestion. - Enabled ### Parameter: `publicNetworkAccessForQuery` The network access type for accessing Application Insights query. - Enabled or Disabled. + - Required: No - Type: string - Default: `'Enabled'` @@ -517,6 +507,7 @@ The network access type for accessing Application Insights query. - Enabled or D ### Parameter: `retentionInDays` Retention period in days. + - Required: No - Type: int - Default: `365` @@ -538,74 +529,96 @@ Retention period in days. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `samplingPercentage` Percentage of the data produced by the application being monitored that is being sampled for Application Insights telemetry. + - Required: No - Type: int - Default: `100` @@ -613,15 +626,10 @@ Percentage of the data produced by the application being monitored that is being ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `workspaceResourceId` - -Resource ID of the log analytics workspace which the data will be ingested to. This property is required to create an application with this API version. Applications from older versions will not have this property. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/insights/data-collection-endpoint/README.md b/modules/insights/data-collection-endpoint/README.md index 4f94650da2..f37af6c9f6 100644 --- a/modules/insights/data-collection-endpoint/README.md +++ b/modules/insights/data-collection-endpoint/README.md @@ -287,9 +287,17 @@ module dataCollectionEndpoint 'br:bicep/modules/insights.data-collection-endpoin | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +The name of the data collection endpoint. The name is case insensitive. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -297,6 +305,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `kind` The kind of the resource. + - Required: No - Type: string - Default: `'Linux'` @@ -311,6 +320,7 @@ The kind of the resource. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -318,39 +328,43 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the data collection endpoint. The name is case insensitive. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` The configuration to set whether network access from public internet to the endpoints are allowed. + - Required: No - Type: string - Default: `'Disabled'` @@ -365,74 +379,96 @@ The configuration to set whether network access from public internet to the endp ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/insights/data-collection-rule/README.md b/modules/insights/data-collection-rule/README.md index 176e51eab6..ea8e8c8b8b 100644 --- a/modules/insights/data-collection-rule/README.md +++ b/modules/insights/data-collection-rule/README.md @@ -1504,41 +1504,54 @@ module dataCollectionRule 'br:bicep/modules/insights.data-collection-rule:1.0.0' | [`streamDeclarations`](#parameter-streamdeclarations) | object | Declaration of custom streams used in this rule. | | [`tags`](#parameter-tags) | object | Resource tags. | -### Parameter: `dataCollectionEndpointId` - -The resource ID of the data collection endpoint that this rule can be used with. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `dataFlows` The specification of data flows. + - Required: Yes - Type: array ### Parameter: `dataSources` Specification of data sources that will be collected. + - Required: Yes - Type: object -### Parameter: `description` +### Parameter: `destinations` + +Specification of destinations that can be used in data flows. + +- Required: Yes +- Type: object + +### Parameter: `name` + +The name of the data collection rule. The name is case insensitive. + +- Required: Yes +- Type: string + +### Parameter: `dataCollectionEndpointId` + +The resource ID of the data collection endpoint that this rule can be used with. -Description of the data collection rule. - Required: No - Type: string - Default: `''` -### Parameter: `destinations` +### Parameter: `description` -Specification of destinations that can be used in data flows. -- Required: Yes -- Type: object +Description of the data collection rule. + +- Required: No +- Type: string +- Default: `''` ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -1546,6 +1559,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `kind` The kind of the resource. + - Required: No - Type: string - Default: `'Linux'` @@ -1560,6 +1574,7 @@ The kind of the resource. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1567,107 +1582,132 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the data collection rule. The name is case insensitive. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `streamDeclarations` Declaration of custom streams used in this rule. + - Required: No - Type: object - Default: `{}` @@ -1675,6 +1715,7 @@ Declaration of custom streams used in this rule. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/insights/diagnostic-setting/README.md b/modules/insights/diagnostic-setting/README.md index db7021624f..35e68f7f10 100644 --- a/modules/insights/diagnostic-setting/README.md +++ b/modules/insights/diagnostic-setting/README.md @@ -195,6 +195,7 @@ module diagnosticSetting 'br:bicep/modules/insights.diagnostic-setting:1.0.0' = ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -202,18 +203,21 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventHubAuthorizationRuleResourceId` Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. + - Required: No - Type: string ### Parameter: `eventHubName` Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. + - Required: No - Type: string ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -221,6 +225,7 @@ Location deployment metadata. ### Parameter: `logAnalyticsDestinationType` A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. + - Required: No - Type: string - Default: `''` @@ -236,25 +241,27 @@ A string indicating whether the export to Log Analytics should use the default d ### Parameter: `logCategoriesAndGroups` The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-logcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-logcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`category`](#parameter-logcategoriesandgroupscategory) | string | Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | +| [`categoryGroup`](#parameter-logcategoriesandgroupscategorygroup) | string | Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | ### Parameter: `logCategoriesAndGroups.category` -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. +Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - Required: No - Type: string ### Parameter: `logCategoriesAndGroups.categoryGroup` -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. +Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - Required: No - Type: string @@ -262,23 +269,26 @@ Optional. Name of a Diagnostic Log category group for a resource type this setti ### Parameter: `marketplacePartnerResourceId` The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. + - Required: No - Type: string ### Parameter: `metricCategories` The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-metriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`category`](#parameter-metriccategoriescategory) | string | Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | ### Parameter: `metricCategories.category` -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. +Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - Required: Yes - Type: string @@ -286,6 +296,7 @@ Required. Name of a Diagnostic Metric category for a resource type this setting ### Parameter: `name` Name of the Diagnostic settings. + - Required: No - Type: string - Default: `[format('{0}-diagnosticSettings', uniqueString(subscription().id))]` @@ -293,12 +304,14 @@ Name of the Diagnostic settings. ### Parameter: `storageAccountResourceId` Resource ID of the diagnostic storage account. + - Required: No - Type: string ### Parameter: `workspaceResourceId` Resource ID of the diagnostic log analytics workspace. + - Required: No - Type: string diff --git a/modules/insights/metric-alert/README.md b/modules/insights/metric-alert/README.md index 73bea47720..4a80c79593 100644 --- a/modules/insights/metric-alert/README.md +++ b/modules/insights/metric-alert/README.md @@ -315,9 +315,40 @@ module metricAlert 'br:bicep/modules/insights.metric-alert:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`windowSize`](#parameter-windowsize) | string | the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. | +### Parameter: `criterias` + +Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. + +- Required: Yes +- Type: array + +### Parameter: `name` + +The name of the alert. + +- Required: Yes +- Type: string + +### Parameter: `targetResourceRegion` + +The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `targetResourceType` + +The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `actions` The list of actions to take when alert triggers. + - Required: No - Type: array - Default: `[]` @@ -325,6 +356,7 @@ The list of actions to take when alert triggers. ### Parameter: `alertCriteriaType` Maps to the 'odata.type' field. Specifies the type of the alert criteria. + - Required: No - Type: string - Default: `'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria'` @@ -340,6 +372,7 @@ Maps to the 'odata.type' field. Specifies the type of the alert criteria. ### Parameter: `alertDescription` Description of the alert. + - Required: No - Type: string - Default: `''` @@ -347,19 +380,15 @@ Description of the alert. ### Parameter: `autoMitigate` The flag that indicates whether the alert should be auto resolved or not. + - Required: No - Type: bool - Default: `True` -### Parameter: `criterias` - -Criterias to trigger the alert. Array of 'Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria' or 'Microsoft.Azure.Monitor.MultipleResourceMultipleMetricCriteria' objects. When using MultipleResourceMultipleMetricCriteria criteria type, some parameters becomes mandatory. It is not possible to convert from SingleResourceMultipleMetricCriteria to MultipleResourceMultipleMetricCriteria. The alert must be deleted and recreated. -- Required: Yes -- Type: array - ### Parameter: `enabled` Indicates whether this alert is enabled. + - Required: No - Type: bool - Default: `True` @@ -367,6 +396,7 @@ Indicates whether this alert is enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -374,6 +404,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `evaluationFrequency` how often the metric alert is evaluated represented in ISO 8601 duration format. + - Required: No - Type: string - Default: `'PT5M'` @@ -391,87 +422,104 @@ how often the metric alert is evaluated represented in ISO 8601 duration format. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `'global'` -### Parameter: `name` - -The name of the alert. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scopes` the list of resource IDs that this metric alert is scoped to. + - Required: No - Type: array - Default: @@ -484,6 +532,7 @@ the list of resource IDs that this metric alert is scoped to. ### Parameter: `severity` The severity of the alert. + - Required: No - Type: int - Default: `3` @@ -501,26 +550,14 @@ The severity of the alert. ### Parameter: `tags` Tags of the resource. -- Required: No -- Type: object -### Parameter: `targetResourceRegion` - -The region of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. - Required: No -- Type: string -- Default: `''` - -### Parameter: `targetResourceType` - -The resource type of the target resource(s) on which the alert is created/updated. Required if alertCriteriaType is MultipleResourceMultipleMetricCriteria. -- Required: No -- Type: string -- Default: `''` +- Type: object ### Parameter: `windowSize` the period of time (in ISO 8601 duration format) that is used to monitor alert activity based on the threshold. + - Required: No - Type: string - Default: `'PT15M'` diff --git a/modules/insights/private-link-scope/README.md b/modules/insights/private-link-scope/README.md index dbe63cc67b..4470ffb40d 100644 --- a/modules/insights/private-link-scope/README.md +++ b/modules/insights/private-link-scope/README.md @@ -339,9 +339,17 @@ This instance deploys the module in alignment with the best-practices of the Azu | [`scopedResources`](#parameter-scopedresources) | array | Configuration details for Azure Monitor Resources. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +Name of the private link scope. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -349,6 +357,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The location of the private link scope. Should be global. + - Required: No - Type: string - Default: `'global'` @@ -356,230 +365,283 @@ The location of the private link scope. Should be global. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the private link scope. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Optional. The name of the private endpoint. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -587,74 +649,96 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scopedResources` Configuration details for Azure Monitor Resources. + - Required: No - Type: array - Default: `[]` @@ -662,6 +746,7 @@ Configuration details for Azure Monitor Resources. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/insights/private-link-scope/scoped-resource/README.md b/modules/insights/private-link-scope/scoped-resource/README.md index 77b61ba102..5946a32116 100644 --- a/modules/insights/private-link-scope/scoped-resource/README.md +++ b/modules/insights/private-link-scope/scoped-resource/README.md @@ -36,31 +36,35 @@ This module deploys a Private Link Scope Scoped Resource. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `linkedResourceId` The resource ID of the scoped Azure monitor resource. + - Required: Yes - Type: string ### Parameter: `name` Name of the private link scoped resource. + - Required: Yes - Type: string ### Parameter: `privateLinkScopeName` The name of the parent private link scope. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/insights/scheduled-query-rule/README.md b/modules/insights/scheduled-query-rule/README.md index ea540474e8..4b925dc11d 100644 --- a/modules/insights/scheduled-query-rule/README.md +++ b/modules/insights/scheduled-query-rule/README.md @@ -392,9 +392,31 @@ module scheduledQueryRule 'br:bicep/modules/insights.scheduled-query-rule:1.0.0' | [`targetResourceTypes`](#parameter-targetresourcetypes) | array | List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. | | [`windowSize`](#parameter-windowsize) | string | The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. | +### Parameter: `criterias` + +The rule criteria that defines the conditions of the scheduled query rule. + +- Required: Yes +- Type: object + +### Parameter: `name` + +The name of the Alert. + +- Required: Yes +- Type: string + +### Parameter: `scopes` + +The list of resource IDs that this scheduled query rule is scoped to. + +- Required: Yes +- Type: array + ### Parameter: `actions` Actions to invoke when the alert fires. + - Required: No - Type: array - Default: `[]` @@ -402,6 +424,7 @@ Actions to invoke when the alert fires. ### Parameter: `alertDescription` The description of the scheduled query rule. + - Required: No - Type: string - Default: `''` @@ -409,19 +432,15 @@ The description of the scheduled query rule. ### Parameter: `autoMitigate` The flag that indicates whether the alert should be automatically resolved or not. Relevant only for rules of the kind LogAlert. + - Required: No - Type: bool - Default: `True` -### Parameter: `criterias` - -The rule criteria that defines the conditions of the scheduled query rule. -- Required: Yes -- Type: object - ### Parameter: `enabled` The flag which indicates whether this scheduled query rule is enabled. + - Required: No - Type: bool - Default: `True` @@ -429,6 +448,7 @@ The flag which indicates whether this scheduled query rule is enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -436,6 +456,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `evaluationFrequency` How often the scheduled query rule is evaluated represented in ISO 8601 duration format. Relevant and required only for rules of the kind LogAlert. + - Required: No - Type: string - Default: `''` @@ -443,6 +464,7 @@ How often the scheduled query rule is evaluated represented in ISO 8601 duration ### Parameter: `kind` Indicates the type of scheduled query rule. + - Required: No - Type: string - Default: `'LogAlert'` @@ -457,19 +479,15 @@ Indicates the type of scheduled query rule. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the Alert. -- Required: Yes -- Type: string - ### Parameter: `queryTimeRange` If specified (in ISO 8601 duration format) then overrides the query time range. Relevant only for rules of the kind LogAlert. + - Required: No - Type: string - Default: `''` @@ -477,80 +495,96 @@ If specified (in ISO 8601 duration format) then overrides the query time range. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string - -### Parameter: `scopes` - -The list of resource IDs that this scheduled query rule is scoped to. -- Required: Yes -- Type: array +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `severity` Severity of the alert. Should be an integer between [0-4]. Value of 0 is severest. Relevant and required only for rules of the kind LogAlert. + - Required: No - Type: int - Default: `3` @@ -568,6 +602,7 @@ Severity of the alert. Should be an integer between [0-4]. Value of 0 is severes ### Parameter: `skipQueryValidation` The flag which indicates whether the provided query should be validated or not. Relevant only for rules of the kind LogAlert. + - Required: No - Type: bool - Default: `False` @@ -575,6 +610,7 @@ The flag which indicates whether the provided query should be validated or not. ### Parameter: `suppressForMinutes` Mute actions for the chosen period of time (in ISO 8601 duration format) after the alert is fired. If set, autoMitigate must be disabled.Relevant only for rules of the kind LogAlert. + - Required: No - Type: string - Default: `''` @@ -582,12 +618,14 @@ Mute actions for the chosen period of time (in ISO 8601 duration format) after t ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `targetResourceTypes` List of resource type of the target resource(s) on which the alert is created/updated. For example if the scope is a resource group and targetResourceTypes is Microsoft.Compute/virtualMachines, then a different alert will be fired for each virtual machine in the resource group which meet the alert criteria. Relevant only for rules of the kind LogAlert. + - Required: No - Type: array - Default: `[]` @@ -595,6 +633,7 @@ List of resource type of the target resource(s) on which the alert is created/up ### Parameter: `windowSize` The period of time (in ISO 8601 duration format) on which the Alert query will be executed (bin size). Relevant and required only for rules of the kind LogAlert. + - Required: No - Type: string - Default: `''` diff --git a/modules/insights/webtest/README.md b/modules/insights/webtest/README.md index 3f532543ca..e08756c1d1 100644 --- a/modules/insights/webtest/README.md +++ b/modules/insights/webtest/README.md @@ -329,9 +329,38 @@ module webtest 'br:bicep/modules/insights.webtest:1.0.0' = { | [`timeout`](#parameter-timeout) | int | Seconds until this WebTest will timeout and fail. | | [`validationRules`](#parameter-validationrules) | object | The collection of validation rule properties. | +### Parameter: `name` + +Name of the webtest. + +- Required: Yes +- Type: string + +### Parameter: `request` + +The collection of request properties. + +- Required: Yes +- Type: object + +### Parameter: `tags` + +A single hidden-link tag pointing to an existing AI component is required. + +- Required: Yes +- Type: object + +### Parameter: `webTestName` + +User defined name if this WebTest. + +- Required: Yes +- Type: string + ### Parameter: `configuration` An XML configuration specification for a WebTest. + - Required: No - Type: object - Default: `{}` @@ -339,6 +368,7 @@ An XML configuration specification for a WebTest. ### Parameter: `description` User defined description for this WebTest. + - Required: No - Type: string - Default: `''` @@ -346,6 +376,7 @@ User defined description for this WebTest. ### Parameter: `enabled` Is the test actively being monitored. + - Required: No - Type: bool - Default: `True` @@ -353,6 +384,7 @@ Is the test actively being monitored. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -360,6 +392,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `frequency` Interval in seconds between test runs for this WebTest. + - Required: No - Type: int - Default: `300` @@ -367,6 +400,7 @@ Interval in seconds between test runs for this WebTest. ### Parameter: `kind` The kind of WebTest that this web test watches. + - Required: No - Type: string - Default: `'standard'` @@ -382,6 +416,7 @@ The kind of WebTest that this web test watches. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -389,6 +424,7 @@ Location for all Resources. ### Parameter: `locations` List of where to physically run the tests from to give global coverage for accessibility of your application. + - Required: No - Type: array - Default: @@ -415,45 +451,43 @@ List of where to physically run the tests from to give global coverage for acces ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the webtest. -- Required: Yes -- Type: string - -### Parameter: `request` - -The collection of request properties. -- Required: Yes -- Type: object - ### Parameter: `retryEnabled` Allow for retries should this WebTest fail. + - Required: No - Type: bool - Default: `True` @@ -461,87 +495,104 @@ Allow for retries should this WebTest fail. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `syntheticMonitorId` Unique ID of this WebTest. + - Required: No - Type: string - Default: `[parameters('name')]` -### Parameter: `tags` - -A single hidden-link tag pointing to an existing AI component is required. -- Required: Yes -- Type: object - ### Parameter: `timeout` Seconds until this WebTest will timeout and fail. + - Required: No - Type: int - Default: `30` @@ -549,16 +600,11 @@ Seconds until this WebTest will timeout and fail. ### Parameter: `validationRules` The collection of validation rule properties. + - Required: No - Type: object - Default: `{}` -### Parameter: `webTestName` - -User defined name if this WebTest. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/key-vault/vault/README.md b/modules/key-vault/vault/README.md index 155324660e..d78189962a 100644 --- a/modules/key-vault/vault/README.md +++ b/modules/key-vault/vault/README.md @@ -1113,9 +1113,17 @@ module vault 'br:bicep/modules/key-vault.vault:1.0.0' = { | [`tags`](#parameter-tags) | object | Resource tags. | | [`vaultSku`](#parameter-vaultsku) | string | Specifies the SKU for the vault. | +### Parameter: `name` + +Name of the Key Vault. Must be globally unique. + +- Required: Yes +- Type: string + ### Parameter: `accessPolicies` All access policies to create. + - Required: No - Type: array - Default: `[]` @@ -1123,6 +1131,7 @@ All access policies to create. ### Parameter: `createMode` The vault's create mode to indicate whether the vault need to be recovered or not. - recover or default. + - Required: No - Type: string - Default: `'default'` @@ -1130,114 +1139,90 @@ The vault's create mode to indicate whether the vault need to be recovered or no ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1245,6 +1230,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1252,6 +1238,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enablePurgeProtection` Provide 'true' to enable Key Vault's purge protection feature. + - Required: No - Type: bool - Default: `True` @@ -1259,6 +1246,7 @@ Provide 'true' to enable Key Vault's purge protection feature. ### Parameter: `enableRbacAuthorization` Property that controls how data actions are authorized. When true, the key vault will use Role Based Access Control (RBAC) for authorization of data actions, and the access policies specified in vault properties will be ignored. When false, the key vault will use the access policies specified in vault properties, and any policy stored on Azure Resource Manager will be ignored. Note that management actions are always authorized with RBAC. + - Required: No - Type: bool - Default: `True` @@ -1266,6 +1254,7 @@ Property that controls how data actions are authorized. When true, the key vault ### Parameter: `enableSoftDelete` Switch to enable/disable Key Vault's soft delete feature. + - Required: No - Type: bool - Default: `True` @@ -1273,6 +1262,7 @@ Switch to enable/disable Key Vault's soft delete feature. ### Parameter: `enableVaultForDeployment` Specifies if the vault is enabled for deployment by script or compute. + - Required: No - Type: bool - Default: `True` @@ -1280,6 +1270,7 @@ Specifies if the vault is enabled for deployment by script or compute. ### Parameter: `enableVaultForDiskEncryption` Specifies if the azure platform has access to the vault for enabling disk encryption scenarios. + - Required: No - Type: bool - Default: `True` @@ -1287,6 +1278,7 @@ Specifies if the azure platform has access to the vault for enabling disk encryp ### Parameter: `enableVaultForTemplateDeployment` Specifies if the vault is enabled for a template deployment. + - Required: No - Type: bool - Default: `True` @@ -1294,6 +1286,7 @@ Specifies if the vault is enabled for a template deployment. ### Parameter: `keys` All keys to create. + - Required: No - Type: array - Default: `[]` @@ -1301,6 +1294,7 @@ All keys to create. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1308,39 +1302,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Key Vault. Must be globally unique. -- Required: Yes -- Type: string - ### Parameter: `networkAcls` Service endpoint object information. For security reasons, it is recommended to set the DefaultAction Deny. + - Required: No - Type: object - Default: `{}` @@ -1348,197 +1346,247 @@ Service endpoint object information. For security reasons, it is recommended to ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Optional. The name of the private endpoint. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1546,6 +1594,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. + - Required: No - Type: string - Default: `''` @@ -1561,74 +1610,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `secrets` All secrets to create. + - Required: No - Type: secureObject - Default: `{}` @@ -1636,6 +1707,7 @@ All secrets to create. ### Parameter: `softDeleteRetentionInDays` softDelete data retention days. It accepts >=7 and <=90. + - Required: No - Type: int - Default: `90` @@ -1643,12 +1715,14 @@ softDelete data retention days. It accepts >=7 and <=90. ### Parameter: `tags` Resource tags. + - Required: No - Type: object ### Parameter: `vaultSku` Specifies the SKU for the vault. + - Required: No - Type: string - Default: `'premium'` diff --git a/modules/key-vault/vault/access-policy/README.md b/modules/key-vault/vault/access-policy/README.md index 3cd899cab1..4e417d6857 100644 --- a/modules/key-vault/vault/access-policy/README.md +++ b/modules/key-vault/vault/access-policy/README.md @@ -30,9 +30,17 @@ This module deploys a Key Vault Access Policy. | [`accessPolicies`](#parameter-accesspolicies) | array | An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `accessPolicies` An array of 0 to 16 identities that have access to the key vault. All identities in the array must use the same tenant ID as the key vault's tenant ID. + - Required: No - Type: array - Default: `[]` @@ -40,16 +48,11 @@ An array of 0 to 16 identities that have access to the key vault. All identities ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `keyVaultName` - -The name of the parent key vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/key-vault/vault/key/README.md b/modules/key-vault/vault/key/README.md index 9a4617afd2..56a60ada8c 100644 --- a/modules/key-vault/vault/key/README.md +++ b/modules/key-vault/vault/key/README.md @@ -47,9 +47,24 @@ This module deploys a Key Vault Key. | [`rotationPolicy`](#parameter-rotationpolicy) | object | Key rotation policy properties object. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +The name of the key. + +- Required: Yes +- Type: string + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `attributesEnabled` Determines whether the object is enabled. + - Required: No - Type: bool - Default: `True` @@ -57,6 +72,7 @@ Determines whether the object is enabled. ### Parameter: `attributesExp` Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. + - Required: No - Type: int - Default: `-1` @@ -64,6 +80,7 @@ Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is r ### Parameter: `attributesNbf` Not before date in seconds since 1970-01-01T00:00:00Z. + - Required: No - Type: int - Default: `-1` @@ -71,6 +88,7 @@ Not before date in seconds since 1970-01-01T00:00:00Z. ### Parameter: `curveName` The elliptic curve name. + - Required: No - Type: string - Default: `'P-256'` @@ -87,6 +105,7 @@ The elliptic curve name. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -94,6 +113,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `keyOps` Array of JsonWebKeyOperation. + - Required: No - Type: array - Default: `[]` @@ -113,19 +133,15 @@ Array of JsonWebKeyOperation. ### Parameter: `keySize` The key size in bits. For example: 2048, 3072, or 4096 for RSA. + - Required: No - Type: int - Default: `-1` -### Parameter: `keyVaultName` - -The name of the parent key vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `kty` The type of the key. + - Required: No - Type: string - Default: `'EC'` @@ -139,83 +155,99 @@ The type of the key. ] ``` -### Parameter: `name` - -The name of the key. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `rotationPolicy` Key rotation policy properties object. + - Required: No - Type: object - Default: `{}` @@ -223,6 +255,7 @@ Key rotation policy properties object. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/key-vault/vault/secret/README.md b/modules/key-vault/vault/secret/README.md index 93ae0de35b..781351c2d8 100644 --- a/modules/key-vault/vault/secret/README.md +++ b/modules/key-vault/vault/secret/README.md @@ -43,9 +43,31 @@ This module deploys a Key Vault Secret. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +The name of the secret. + +- Required: Yes +- Type: string + +### Parameter: `value` + +The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. + +- Required: Yes +- Type: securestring + +### Parameter: `keyVaultName` + +The name of the parent key vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `attributesEnabled` Determines whether the object is enabled. + - Required: No - Type: bool - Default: `True` @@ -53,6 +75,7 @@ Determines whether the object is enabled. ### Parameter: `attributesExp` Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is recommended to set an expiration date whenever possible. + - Required: No - Type: int - Default: `-1` @@ -60,6 +83,7 @@ Expiry date in seconds since 1970-01-01T00:00:00Z. For security reasons, it is r ### Parameter: `attributesNbf` Not before date in seconds since 1970-01-01T00:00:00Z. + - Required: No - Type: int - Default: `-1` @@ -67,6 +91,7 @@ Not before date in seconds since 1970-01-01T00:00:00Z. ### Parameter: `contentType` The content type of the secret. + - Required: No - Type: securestring - Default: `''` @@ -74,102 +99,107 @@ The content type of the secret. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `keyVaultName` - -The name of the parent key vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the secret. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Resource tags. + - Required: No - Type: object -### Parameter: `value` - -The value of the secret. NOTE: "value" will never be returned from the service, as APIs using this model are is intended for internal use in ARM deployments. Users should use the data-plane REST service for interaction with vault secrets. -- Required: Yes -- Type: securestring - ## Outputs diff --git a/modules/kubernetes-configuration/extension/README.md b/modules/kubernetes-configuration/extension/README.md index 9019bb4998..638d8bb08c 100644 --- a/modules/kubernetes-configuration/extension/README.md +++ b/modules/kubernetes-configuration/extension/README.md @@ -17,7 +17,7 @@ This module deploys a Kubernetes Configuration Extension. | Resource Type | API Version | | :-- | :-- | | `Microsoft.KubernetesConfiguration/extensions` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/extensions) | -| `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2022-03-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/2022-03-01/fluxConfigurations) | +| `Microsoft.KubernetesConfiguration/fluxConfigurations` | [2023-05-01](https://learn.microsoft.com/en-us/azure/templates/Microsoft.KubernetesConfiguration/fluxConfigurations) | ## Usage examples @@ -132,6 +132,16 @@ module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { timeoutInSeconds: 180 url: 'https://github.com/mspnp/aks-baseline' } + kustomizations: { + unified: { + dependsOn: [] + force: false + path: './cluster-manifests' + prune: true + syncIntervalInSeconds: 300 + timeoutInSeconds: 300 + } + } namespace: 'flux-system' } ] @@ -189,6 +199,16 @@ module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { "timeoutInSeconds": 180, "url": "https://github.com/mspnp/aks-baseline" }, + "kustomizations": { + "unified": { + "dependsOn": [], + "force": false, + "path": "./cluster-manifests", + "prune": true, + "syncIntervalInSeconds": 300, + "timeoutInSeconds": 300 + } + }, "namespace": "flux-system" } ] @@ -246,6 +266,16 @@ module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { timeoutInSeconds: 180 url: 'https://github.com/mspnp/aks-baseline' } + kustomizations: { + unified: { + dependsOn: [] + force: false + path: './cluster-manifests' + prune: true + syncIntervalInSeconds: 300 + timeoutInSeconds: 300 + } + } namespace: 'flux-system' } ] @@ -303,6 +333,16 @@ module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { "timeoutInSeconds": 180, "url": "https://github.com/mspnp/aks-baseline" }, + "kustomizations": { + "unified": { + "dependsOn": [], + "force": false, + "path": "./cluster-manifests", + "prune": true, + "syncIntervalInSeconds": 300, + "timeoutInSeconds": 300 + } + }, "namespace": "flux-system" } ] @@ -351,12 +391,28 @@ module extension 'br:bicep/modules/kubernetes-configuration.extension:1.0.0' = { ### Parameter: `clusterName` The name of the AKS cluster that should be configured. + +- Required: Yes +- Type: string + +### Parameter: `extensionType` + +Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the Flux Configuration. + - Required: Yes - Type: string ### Parameter: `configurationProtectedSettings` Configuration settings that are sensitive, as name-value pairs for configuring this extension. + - Required: No - Type: secureObject - Default: `{}` @@ -364,6 +420,7 @@ Configuration settings that are sensitive, as name-value pairs for configuring t ### Parameter: `configurationSettings` Configuration settings, as name-value pairs for configuring this extension. + - Required: No - Type: object - Default: `{}` @@ -371,19 +428,15 @@ Configuration settings, as name-value pairs for configuring this extension. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `extensionType` - -Type of the Extension, of which this resource is an instance of. It must be one of the Extension Types registered with Microsoft.KubernetesConfiguration by the Extension publisher. -- Required: Yes -- Type: string - ### Parameter: `fluxConfigurations` A list of flux configuraitons. + - Required: No - Type: array - Default: `[]` @@ -391,19 +444,15 @@ A list of flux configuraitons. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the Flux Configuration. -- Required: Yes -- Type: string - ### Parameter: `releaseNamespace` Namespace where the extension Release must be placed, for a Cluster scoped extension. If this namespace does not exist, it will be created. + - Required: No - Type: string - Default: `''` @@ -411,6 +460,7 @@ Namespace where the extension Release must be placed, for a Cluster scoped exten ### Parameter: `releaseTrain` ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Preview, etc.) - only if autoUpgradeMinorVersion is "true". + - Required: No - Type: string - Default: `'Stable'` @@ -418,6 +468,7 @@ ReleaseTrain this extension participates in for auto-upgrade (e.g. Stable, Previ ### Parameter: `targetNamespace` Namespace where the extension will be created for an Namespace scoped extension. If this namespace does not exist, it will be created. + - Required: No - Type: string - Default: `''` @@ -425,6 +476,7 @@ Namespace where the extension will be created for an Namespace scoped extension. ### Parameter: `version` Version of the extension for this extension, if it is "pinned" to a specific version. + - Required: No - Type: string - Default: `''` diff --git a/modules/kubernetes-configuration/flux-configuration/README.md b/modules/kubernetes-configuration/flux-configuration/README.md index 2da23ceb45..8f11c31731 100644 --- a/modules/kubernetes-configuration/flux-configuration/README.md +++ b/modules/kubernetes-configuration/flux-configuration/README.md @@ -374,68 +374,38 @@ module fluxConfiguration 'br:bicep/modules/kubernetes-configuration.flux-configu | [`location`](#parameter-location) | string | Location for all resources. | | [`suspend`](#parameter-suspend) | bool | Whether this configuration should suspend its reconciliation of its kustomizations and sources. | -### Parameter: `bucket` - -Parameters to reconcile to the GitRepository source kind type. -- Required: No -- Type: object -- Default: `{}` - ### Parameter: `clusterName` The name of the AKS cluster that should be configured. + - Required: Yes - Type: string -### Parameter: `configurationProtectedSettings` - -Key-value pairs of protected configuration settings for the configuration. -- Required: No -- Type: secureObject -- Default: `{}` - -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `gitRepository` - -Parameters to reconcile to the GitRepository source kind type. -- Required: No -- Type: object -- Default: `{}` - ### Parameter: `kustomizations` Array of kustomizations used to reconcile the artifact pulled by the source type on the cluster. + - Required: Yes - Type: object -### Parameter: `location` - -Location for all resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - ### Parameter: `name` The name of the Flux Configuration. + - Required: Yes - Type: string ### Parameter: `namespace` The namespace to which this configuration is installed to. Maximum of 253 lower case alphanumeric characters, hyphen and period only. + - Required: Yes - Type: string ### Parameter: `scope` Scope at which the configuration will be installed. + - Required: Yes - Type: string - Allowed: @@ -449,6 +419,7 @@ Scope at which the configuration will be installed. ### Parameter: `sourceKind` Source Kind to pull the configuration data from. + - Required: Yes - Type: string - Allowed: @@ -459,9 +430,50 @@ Source Kind to pull the configuration data from. ] ``` +### Parameter: `bucket` + +Parameters to reconcile to the GitRepository source kind type. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `configurationProtectedSettings` + +Key-value pairs of protected configuration settings for the configuration. + +- Required: No +- Type: secureObject +- Default: `{}` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `gitRepository` + +Parameters to reconcile to the GitRepository source kind type. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `location` + +Location for all resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + ### Parameter: `suspend` Whether this configuration should suspend its reconciliation of its kustomizations and sources. + - Required: No - Type: bool - Default: `False` diff --git a/modules/logic/workflow/README.md b/modules/logic/workflow/README.md index a8dec6b147..a078f14601 100644 --- a/modules/logic/workflow/README.md +++ b/modules/logic/workflow/README.md @@ -457,9 +457,17 @@ module workflow 'br:bicep/modules/logic.workflow:1.0.0' = { | [`workflowStaticResults`](#parameter-workflowstaticresults) | object | The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. | | [`workflowTriggers`](#parameter-workflowtriggers) | object | The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. | +### Parameter: `name` + +The logic app workflow name. + +- Required: Yes +- Type: string + ### Parameter: `actionsAccessControlConfiguration` The access control configuration for workflow actions. + - Required: No - Type: object - Default: `{}` @@ -467,6 +475,7 @@ The access control configuration for workflow actions. ### Parameter: `connectorEndpointsConfiguration` The endpoints configuration: Access endpoint and outgoing IP addresses for the connector. + - Required: No - Type: object - Default: `{}` @@ -474,6 +483,7 @@ The endpoints configuration: Access endpoint and outgoing IP addresses for the ### Parameter: `contentsAccessControlConfiguration` The access control configuration for accessing workflow run contents. + - Required: No - Type: object - Default: `{}` @@ -481,6 +491,7 @@ The access control configuration for accessing workflow run contents. ### Parameter: `definitionParameters` Parameters for the definition template. + - Required: No - Type: object - Default: `{}` @@ -488,114 +499,90 @@ Parameters for the definition template. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -603,6 +590,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -610,6 +598,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `integrationAccount` The integration account. + - Required: No - Type: object - Default: `{}` @@ -617,6 +606,7 @@ The integration account. ### Parameter: `integrationServiceEnvironmentResourceId` The integration service environment Id. + - Required: No - Type: string - Default: `''` @@ -624,6 +614,7 @@ The integration service environment Id. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -631,26 +622,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -658,106 +658,124 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The logic app workflow name. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `state` The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. + - Required: No - Type: string - Default: `'Enabled'` @@ -776,12 +794,14 @@ The state. - NotSpecified, Completed, Enabled, Disabled, Deleted, Suspended. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `triggersAccessControlConfiguration` The access control configuration for invoking workflow triggers. + - Required: No - Type: object - Default: `{}` @@ -789,6 +809,7 @@ The access control configuration for invoking workflow triggers. ### Parameter: `workflowActions` The definitions for one or more actions to execute at workflow runtime. + - Required: No - Type: object - Default: `{}` @@ -796,6 +817,7 @@ The definitions for one or more actions to execute at workflow runtime. ### Parameter: `workflowEndpointsConfiguration` The endpoints configuration: Access endpoint and outgoing IP addresses for the workflow. + - Required: No - Type: object - Default: `{}` @@ -803,6 +825,7 @@ The endpoints configuration: Access endpoint and outgoing IP addresses for the ### Parameter: `workflowManagementAccessControlConfiguration` The access control configuration for workflow management. + - Required: No - Type: object - Default: `{}` @@ -810,6 +833,7 @@ The access control configuration for workflow management. ### Parameter: `workflowOutputs` The definitions for the outputs to return from a workflow run. + - Required: No - Type: object - Default: `{}` @@ -817,6 +841,7 @@ The definitions for the outputs to return from a workflow run. ### Parameter: `workflowParameters` The definitions for one or more parameters that pass the values to use at your logic app's runtime. + - Required: No - Type: object - Default: `{}` @@ -824,6 +849,7 @@ The definitions for one or more parameters that pass the values to use at your l ### Parameter: `workflowStaticResults` The definitions for one or more static results returned by actions as mock outputs when static results are enabled on those actions. In each action definition, the runtimeConfiguration.staticResult.name attribute references the corresponding definition inside staticResults. + - Required: No - Type: object - Default: `{}` @@ -831,6 +857,7 @@ The definitions for one or more static results returned by actions as mock outpu ### Parameter: `workflowTriggers` The definitions for one or more triggers that instantiate your workflow. You can define more than one trigger, but only with the Workflow Definition Language, not visually through the Logic Apps Designer. + - Required: No - Type: object - Default: `{}` diff --git a/modules/machine-learning-services/workspace/README.md b/modules/machine-learning-services/workspace/README.md index cb7a86c358..b056b265b6 100644 --- a/modules/machine-learning-services/workspace/README.md +++ b/modules/machine-learning-services/workspace/README.md @@ -792,41 +792,78 @@ module workspace 'br:bicep/modules/machine-learning-services.workspace:1.0.0' = | [`sharedPrivateLinkResources`](#parameter-sharedprivatelinkresources) | array | The list of shared private link resources in this workspace. | | [`tags`](#parameter-tags) | object | Resource tags. | -### Parameter: `allowPublicAccessWhenBehindVnet` - -The flag to indicate whether to allow public access when behind VNet. -- Required: No -- Type: bool -- Default: `False` - ### Parameter: `associatedApplicationInsightsResourceId` The resource ID of the associated Application Insights. -- Required: Yes -- Type: string -### Parameter: `associatedContainerRegistryResourceId` - -The resource ID of the associated Container Registry. -- Required: No +- Required: Yes - Type: string -- Default: `''` ### Parameter: `associatedKeyVaultResourceId` The resource ID of the associated Key Vault. + - Required: Yes - Type: string ### Parameter: `associatedStorageAccountResourceId` The resource ID of the associated Storage Account. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the machine learning workspace. + - Required: Yes - Type: string +### Parameter: `sku` + +Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Basic' + 'Free' + 'Premium' + 'Standard' + ] + ``` + +### Parameter: `primaryUserAssignedIdentity` + +The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `allowPublicAccessWhenBehindVnet` + +The flag to indicate whether to allow public access when behind VNet. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `associatedContainerRegistryResourceId` + +The resource ID of the associated Container Registry. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `computes` Computes to create respectively attach to the workspace. + - Required: No - Type: array - Default: `[]` @@ -834,41 +871,48 @@ Computes to create respectively attach to the workspace. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -876,6 +920,7 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `description` The description of this workspace. + - Required: No - Type: string - Default: `''` @@ -883,114 +928,90 @@ The description of this workspace. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -998,6 +1019,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `discoveryUrl` URL for the discovery service to identify regional endpoints for machine learning experimentation services. + - Required: No - Type: string - Default: `''` @@ -1005,6 +1027,7 @@ URL for the discovery service to identify regional endpoints for machine learnin ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1012,6 +1035,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `hbiWorkspace` The flag to signal HBI data in the workspace and reduce diagnostic data collected by the service. + - Required: No - Type: bool - Default: `False` @@ -1019,6 +1043,7 @@ The flag to signal HBI data in the workspace and reduce diagnostic data collecte ### Parameter: `imageBuildCompute` The compute name for image build. + - Required: No - Type: string - Default: `''` @@ -1026,6 +1051,7 @@ The compute name for image build. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1033,26 +1059,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1060,6 +1095,7 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. At least one identity type is required. + - Required: No - Type: object - Default: @@ -1069,212 +1105,271 @@ The managed identity definition for this resource. At least one identity type is } ``` +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the machine learning workspace. -- Required: Yes -- Type: string - -### Parameter: `primaryUserAssignedIdentity` - -The user assigned identity resource ID that represents the workspace identity. Required if 'userAssignedIdentities' is not empty and may not be used if 'systemAssignedIdentity' is enabled. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Application security groups in which the private endpoint IP configuration is included. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -### Parameter: `privateEndpoints.customDnsConfigs` +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Optional. Custom DNS configurations. +Application security groups in which the private endpoint IP configuration is included. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | | +### Parameter: `privateEndpoints.customDnsConfigs` -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` -- Required: No -- Type: string +Custom DNS configurations. -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | | - -### Parameter: `privateEndpoints.ipConfigurations.name` -- Required: Yes -- Type: string - -### Parameter: `privateEndpoints.ipConfigurations.properties` -- Required: Yes -- Type: object +### Parameter: `privateEndpoints.location` -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | | +The location to deploy the private endpoint to. -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` -- Required: Yes -- Type: string +### Parameter: `privateEndpoints.lock` -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` -- Required: Yes -- Type: string +Specify the type of lock. +- Required: No +- Type: object +**Optional parameters** -### Parameter: `privateEndpoints.location` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | + +### Parameter: `privateEndpoints.lock.kind` -Optional. The location to deploy the private endpoint to. +Specify the type of lock. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.lock.name` -Optional. Specify the type of lock. +Specify the name of lock. - Required: No -- Type: object +- Type: string ### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Optional. Manual PrivateLink Service Connections. +Manual PrivateLink Service Connections. - Required: No - Type: array ### Parameter: `privateEndpoints.name` -Optional. The name of the private endpoint. +The name of the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string ### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No - Type: array ### Parameter: `privateEndpoints.roleAssignments` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.service` +**Required parameters** -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -- Required: No +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Required. Resource ID of the subnet where the endpoint needs to be created. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. - Required: Yes - Type: string +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` + +Version of the condition. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` + +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` + +The Resource Id of the delegated managed identity resource. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.description` + +The description of the role assignment. + +- Required: No +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.principalType` + +The principal type of the assigned principal ID. + +- Required: No +- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` + +### Parameter: `privateEndpoints.service` + +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". + +- Required: No +- Type: string + ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1282,6 +1377,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1297,74 +1393,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serviceManagedResourcesSettings` The service managed resource settings. + - Required: No - Type: object - Default: `{}` @@ -1372,28 +1490,15 @@ The service managed resource settings. ### Parameter: `sharedPrivateLinkResources` The list of shared private link resources in this workspace. + - Required: No - Type: array - Default: `[]` -### Parameter: `sku` - -Specifies the SKU, also referred as 'edition' of the Azure Machine Learning workspace. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Basic' - 'Free' - 'Premium' - 'Standard' - ] - ``` - ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/machine-learning-services/workspace/compute/README.md b/modules/machine-learning-services/workspace/compute/README.md index 4f7dd172eb..1eb2928cd4 100644 --- a/modules/machine-learning-services/workspace/compute/README.md +++ b/modules/machine-learning-services/workspace/compute/README.md @@ -48,16 +48,10 @@ Attaching a compute is not idempotent and will fail in case you try to redeploy | [`sku`](#parameter-sku) | string | Specifies the sku, also referred as "edition". Required for creating a compute resource. | | [`tags`](#parameter-tags) | object | Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. | -### Parameter: `computeLocation` - -Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - ### Parameter: `computeType` Set the object type. + - Required: Yes - Type: string - Allowed: @@ -76,9 +70,32 @@ Set the object type. ] ``` +### Parameter: `name` + +Name of the compute. + +- Required: Yes +- Type: string + +### Parameter: `machineLearningWorkspaceName` + +The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `computeLocation` + +Location for the underlying compute. Ignored when attaching a compute resource, i.e. when you provide a resource ID. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + ### Parameter: `deployCompute` Flag to specify whether to deploy the compute. Required only for attach (i.e. providing a resource ID), as in this case the operation is not idempotent, i.e. a second deployment will fail. Therefore, this flag needs to be set to "false" as long as the compute resource exists. + - Required: No - Type: bool - Default: `True` @@ -86,6 +103,7 @@ Flag to specify whether to deploy the compute. Required only for attach (i.e. pr ### Parameter: `description` The description of the Machine Learning compute. + - Required: No - Type: string - Default: `''` @@ -93,6 +111,7 @@ The description of the Machine Learning compute. ### Parameter: `disableLocalAuth` Opt-out of local authentication and ensure customers can use only MSI and AAD exclusively for authentication. + - Required: No - Type: bool - Default: `False` @@ -100,6 +119,7 @@ Opt-out of local authentication and ensure customers can use only MSI and AAD ex ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -107,51 +127,43 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Specifies the location of the resource. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `machineLearningWorkspaceName` - -The name of the parent Machine Learning Workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the compute. -- Required: Yes -- Type: string - ### Parameter: `properties` The properties of the compute. Will be ignored in case "resourceId" is set. + - Required: No - Type: object - Default: `{}` @@ -159,6 +171,7 @@ The properties of the compute. Will be ignored in case "resourceId" is set. ### Parameter: `resourceId` ARM resource ID of the underlying compute. + - Required: No - Type: string - Default: `''` @@ -166,6 +179,7 @@ ARM resource ID of the underlying compute. ### Parameter: `sku` Specifies the sku, also referred as "edition". Required for creating a compute resource. + - Required: No - Type: string - Default: `''` @@ -183,6 +197,7 @@ Specifies the sku, also referred as "edition". Required for creating a compute r ### Parameter: `tags` Contains resource tags defined as key-value pairs. Ignored when attaching a compute resource, i.e. when you provide a resource ID. + - Required: No - Type: object diff --git a/modules/maintenance/maintenance-configuration/README.md b/modules/maintenance/maintenance-configuration/README.md index 52d305a61f..e26f1b8299 100644 --- a/modules/maintenance/maintenance-configuration/README.md +++ b/modules/maintenance/maintenance-configuration/README.md @@ -411,9 +411,17 @@ module maintenanceConfiguration 'br:bicep/modules/maintenance.maintenance-config | [`tags`](#parameter-tags) | object | Gets or sets tags of the resource. | | [`visibility`](#parameter-visibility) | string | Gets or sets the visibility of the configuration. The default value is 'Custom'. | +### Parameter: `name` + +Maintenance Configuration Name. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -421,6 +429,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `extensionProperties` Gets or sets extensionProperties of the maintenanceConfiguration. + - Required: No - Type: object - Default: `{}` @@ -428,6 +437,7 @@ Gets or sets extensionProperties of the maintenanceConfiguration. ### Parameter: `installPatches` Configuration settings for VM guest patching with Azure Update Manager. + - Required: No - Type: object - Default: `{}` @@ -435,6 +445,7 @@ Configuration settings for VM guest patching with Azure Update Manager. ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -442,26 +453,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -469,6 +489,7 @@ Optional. Specify the name of lock. ### Parameter: `maintenanceScope` Gets or sets maintenanceScope of the configuration. + - Required: No - Type: string - Default: `'Host'` @@ -487,19 +508,15 @@ Gets or sets maintenanceScope of the configuration. ### Parameter: `maintenanceWindow` Definition of a MaintenanceWindow. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Maintenance Configuration Name. -- Required: Yes -- Type: string - ### Parameter: `namespace` Gets or sets namespace of the resource. + - Required: No - Type: string - Default: `''` @@ -507,80 +524,103 @@ Gets or sets namespace of the resource. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Gets or sets tags of the resource. + - Required: No - Type: object ### Parameter: `visibility` Gets or sets the visibility of the configuration. The default value is 'Custom'. + - Required: No - Type: string - Default: `''` diff --git a/modules/managed-identity/user-assigned-identity/README.md b/modules/managed-identity/user-assigned-identity/README.md index 5cf66b9f42..cb4ec31501 100644 --- a/modules/managed-identity/user-assigned-identity/README.md +++ b/modules/managed-identity/user-assigned-identity/README.md @@ -301,6 +301,7 @@ module userAssignedIdentity 'br:bicep/modules/managed-identity.user-assigned-ide ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -308,6 +309,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `federatedIdentityCredentials` The federated identity credentials list to indicate which token from the external IdP should be trusted by your application. Federated identity credentials are supported on applications only. A maximum of 20 federated identity credentials can be added per application object. + - Required: No - Type: array - Default: `[]` @@ -315,6 +317,7 @@ The federated identity credentials list to indicate which token from the externa ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -322,26 +325,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -349,6 +361,7 @@ Optional. Specify the name of lock. ### Parameter: `name` Name of the User Assigned Identity. + - Required: No - Type: string - Default: `[guid(resourceGroup().id)]` @@ -356,74 +369,96 @@ Name of the User Assigned Identity. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md b/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md index ab9e7a346f..a9483eb2d7 100644 --- a/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md +++ b/modules/managed-identity/user-assigned-identity/federated-identity-credential/README.md @@ -41,40 +41,46 @@ This module deploys a User Assigned Identity Federated Identity Credential. ### Parameter: `audiences` The list of audiences that can appear in the issued token. Should be set to api://AzureADTokenExchange for Azure AD. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Azure AD in your external identity provider and has no fixed value across identity providers - you might need to create a new application registration in your IdP to serve as the audience of this token. + - Required: Yes - Type: array -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `issuer` The URL of the issuer to be trusted. Must match the issuer claim of the external token being exchanged. + - Required: Yes - Type: string ### Parameter: `name` The name of the secret. + - Required: Yes - Type: string ### Parameter: `subject` The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each IdP uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Azure AD. + - Required: Yes - Type: string ### Parameter: `userAssignedIdentityName` The name of the parent user assigned identity. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/managed-services/registration-definition/README.md b/modules/managed-services/registration-definition/README.md index 759632f268..c60cb76100 100644 --- a/modules/managed-services/registration-definition/README.md +++ b/modules/managed-services/registration-definition/README.md @@ -334,44 +334,51 @@ module registrationDefinition 'br:bicep/modules/managed-services.registration-de ### Parameter: `authorizations` Specify an array of objects, containing object of Azure Active Directory principalId, a Azure roleDefinitionId, and an optional principalIdDisplayName. The roleDefinition specified is granted to the principalId in the provider's Active Directory and the principalIdDisplayName is visible to customers. + - Required: Yes - Type: array -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `location` - -Location deployment metadata. -- Required: No -- Type: string -- Default: `[deployment().location]` - ### Parameter: `managedByTenantId` Specify the tenant ID of the tenant which homes the principals you are delegating permissions to. + - Required: Yes - Type: string ### Parameter: `name` Specify a unique name for your offer/registration. i.e ' - - '. + - Required: Yes - Type: string ### Parameter: `registrationDescription` Description of the offer/registration. i.e. 'Managed by '. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location deployment metadata. + +- Required: No +- Type: string +- Default: `[deployment().location]` + ### Parameter: `resourceGroupName` Specify the name of the Resource Group to delegate access to. If not provided, delegation will be done on the targeted subscription. + - Required: No - Type: string - Default: `''` diff --git a/modules/management/management-group/README.md b/modules/management/management-group/README.md index d5e7a66097..9749a8155e 100644 --- a/modules/management/management-group/README.md +++ b/modules/management/management-group/README.md @@ -211,9 +211,17 @@ module managementGroup 'br:bicep/modules/management.management-group:1.0.0' = { | [`location`](#parameter-location) | string | Location deployment metadata. | | [`parentId`](#parameter-parentid) | string | The management group parent ID. Defaults to current scope. | +### Parameter: `name` + +The group ID of the Management group. + +- Required: Yes +- Type: string + ### Parameter: `displayName` The friendly name of the management group. If no value is passed then this field will be set to the group ID. + - Required: No - Type: string - Default: `''` @@ -221,6 +229,7 @@ The friendly name of the management group. If no value is passed then this field ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -228,19 +237,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` -### Parameter: `name` - -The group ID of the Management group. -- Required: Yes -- Type: string - ### Parameter: `parentId` The management group parent ID. Defaults to current scope. + - Required: No - Type: string - Default: `[last(split(managementGroup().id, '/'))]` diff --git a/modules/net-app/net-app-account/README.md b/modules/net-app/net-app-account/README.md index 934610d17a..c0fdd19a6e 100644 --- a/modules/net-app/net-app-account/README.md +++ b/modules/net-app/net-app-account/README.md @@ -603,9 +603,17 @@ module netAppAccount 'br:bicep/modules/net-app.net-app-account:1.0.0' = { | [`smbServerNamePrefix`](#parameter-smbservernameprefix) | string | Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. | | [`tags`](#parameter-tags) | object | Tags for all resources. | +### Parameter: `name` + +The name of the NetApp account. + +- Required: Yes +- Type: string + ### Parameter: `capacityPools` Capacity pools to create. + - Required: No - Type: array - Default: `[]` @@ -613,6 +621,7 @@ Capacity pools to create. ### Parameter: `dnsServers` Required if domainName is specified. Comma separated list of DNS server IP addresses (IPv4 only) required for the Active Directory (AD) domain join and SMB authentication operations to succeed. + - Required: No - Type: string - Default: `''` @@ -620,6 +629,7 @@ Required if domainName is specified. Comma separated list of DNS server IP addre ### Parameter: `domainJoinOU` Used only if domainName is specified. LDAP Path for the Organization Unit (OU) where SMB Server machine accounts will be created (i.e. 'OU=SecondLevel,OU=FirstLevel'). + - Required: No - Type: string - Default: `''` @@ -627,6 +637,7 @@ Used only if domainName is specified. LDAP Path for the Organization Unit (OU) w ### Parameter: `domainJoinPassword` Required if domainName is specified. Password of the user specified in domainJoinUser parameter. + - Required: No - Type: securestring - Default: `''` @@ -634,6 +645,7 @@ Required if domainName is specified. Password of the user specified in domainJoi ### Parameter: `domainJoinUser` Required if domainName is specified. Username of Active Directory domain administrator, with permissions to create SMB server machine account in the AD domain. + - Required: No - Type: string - Default: `''` @@ -641,6 +653,7 @@ Required if domainName is specified. Username of Active Directory domain adminis ### Parameter: `domainName` Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). + - Required: No - Type: string - Default: `''` @@ -648,6 +661,7 @@ Fully Qualified Active Directory DNS Domain Name (e.g. 'contoso.com'). ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -655,6 +669,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -662,26 +677,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -689,98 +713,116 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array -### Parameter: `name` - -The name of the NetApp account. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.condition` +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `smbServerNamePrefix` Required if domainName is specified. NetBIOS name of the SMB server. A computer account with this prefix will be registered in the AD and used to mount volumes. + - Required: No - Type: string - Default: `''` @@ -788,6 +830,7 @@ Required if domainName is specified. NetBIOS name of the SMB server. A computer ### Parameter: `tags` Tags for all resources. + - Required: No - Type: object diff --git a/modules/net-app/net-app-account/capacity-pool/README.md b/modules/net-app/net-app-account/capacity-pool/README.md index 5b2c659aec..381674df79 100644 --- a/modules/net-app/net-app-account/capacity-pool/README.md +++ b/modules/net-app/net-app-account/capacity-pool/README.md @@ -46,9 +46,31 @@ This module deploys an Azure NetApp Files Capacity Pool. | [`tags`](#parameter-tags) | object | Tags for all resources. | | [`volumes`](#parameter-volumes) | array | List of volumnes to create in the capacity pool. | +### Parameter: `name` + +The name of the capacity pool. + +- Required: Yes +- Type: string + +### Parameter: `size` + +Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). + +- Required: Yes +- Type: int + +### Parameter: `netAppAccountName` + +The name of the parent NetApp account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `coolAccess` If enabled (true) the pool can contain cool Access enabled volumes. + - Required: No - Type: bool - Default: `False` @@ -56,6 +78,7 @@ If enabled (true) the pool can contain cool Access enabled volumes. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -63,6 +86,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `encryptionType` Encryption type of the capacity pool, set encryption type for data at rest for this pool and all volumes in it. This value can only be set when creating new pool. + - Required: No - Type: string - Default: `'Single'` @@ -77,25 +101,15 @@ Encryption type of the capacity pool, set encryption type for data at rest for t ### Parameter: `location` Location of the pool volume. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the capacity pool. -- Required: Yes -- Type: string - -### Parameter: `netAppAccountName` - -The name of the parent NetApp account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `qosType` The qos type of the pool. + - Required: No - Type: string - Default: `'Auto'` @@ -110,74 +124,96 @@ The qos type of the pool. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serviceLevel` The pool service level. + - Required: No - Type: string - Default: `'Standard'` @@ -191,21 +227,17 @@ The pool service level. ] ``` -### Parameter: `size` - -Provisioned size of the pool (in bytes). Allowed values are in 4TiB chunks (value must be multiply of 4398046511104). -- Required: Yes -- Type: int - ### Parameter: `tags` Tags for all resources. + - Required: No - Type: object ### Parameter: `volumes` List of volumnes to create in the capacity pool. + - Required: No - Type: array - Default: `[]` diff --git a/modules/net-app/net-app-account/capacity-pool/volume/README.md b/modules/net-app/net-app-account/capacity-pool/volume/README.md index fd898c8faf..bf17feb0a2 100644 --- a/modules/net-app/net-app-account/capacity-pool/volume/README.md +++ b/modules/net-app/net-app-account/capacity-pool/volume/README.md @@ -45,15 +45,45 @@ This module deploys an Azure NetApp Files Capacity Pool Volume. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`serviceLevel`](#parameter-servicelevel) | string | The pool service level. Must match the one of the parent capacity pool. | +### Parameter: `name` + +The name of the pool volume. + +- Required: Yes +- Type: string + +### Parameter: `subnetResourceId` + +The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. + +- Required: Yes +- Type: string + +### Parameter: `usageThreshold` + +Maximum storage quota allowed for a file system in bytes. + +- Required: Yes +- Type: int + ### Parameter: `capacityPoolName` The name of the parent capacity pool. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `netAppAccountName` + +The name of the parent NetApp account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `creationToken` A unique file path for the volume. This is the name of the volume export. A volume is mounted using the export path. File path must start with an alphabetical character and be unique within the subscription. + - Required: No - Type: string - Default: `[parameters('name')]` @@ -61,6 +91,7 @@ A unique file path for the volume. This is the name of the volume export. A volu ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -68,6 +99,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `exportPolicyRules` Export policy rules. + - Required: No - Type: array - Default: `[]` @@ -75,25 +107,15 @@ Export policy rules. ### Parameter: `location` Location of the pool volume. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the pool volume. -- Required: Yes -- Type: string - -### Parameter: `netAppAccountName` - -The name of the parent NetApp account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `protocolTypes` Set of protocol types. + - Required: No - Type: array - Default: `[]` @@ -101,74 +123,96 @@ Set of protocol types. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.condition` +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serviceLevel` The pool service level. Must match the one of the parent capacity pool. + - Required: No - Type: string - Default: `'Standard'` @@ -182,18 +226,6 @@ The pool service level. Must match the one of the parent capacity pool. ] ``` -### Parameter: `subnetResourceId` - -The Azure Resource URI for a delegated subnet. Must have the delegation Microsoft.NetApp/volumes. -- Required: Yes -- Type: string - -### Parameter: `usageThreshold` - -Maximum storage quota allowed for a file system in bytes. -- Required: Yes -- Type: int - ## Outputs diff --git a/modules/network/application-gateway-web-application-firewall-policy/README.md b/modules/network/application-gateway-web-application-firewall-policy/README.md index 9b9ea51250..096047b5f3 100644 --- a/modules/network/application-gateway-web-application-firewall-policy/README.md +++ b/modules/network/application-gateway-web-application-firewall-policy/README.md @@ -251,9 +251,17 @@ module applicationGatewayWebApplicationFirewallPolicy 'br:bicep/modules/network. | [`policySettings`](#parameter-policysettings) | object | The PolicySettings for policy. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +Name of the Application Gateway WAF policy. + +- Required: Yes +- Type: string + ### Parameter: `customRules` The custom rules inside the policy. + - Required: No - Type: array - Default: `[]` @@ -261,6 +269,7 @@ The custom rules inside the policy. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -268,6 +277,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -275,19 +285,15 @@ Location for all resources. ### Parameter: `managedRules` Describes the managedRules structure. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Name of the Application Gateway WAF policy. -- Required: Yes -- Type: string - ### Parameter: `policySettings` The PolicySettings for policy. + - Required: No - Type: object - Default: `{}` @@ -295,6 +301,7 @@ The PolicySettings for policy. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/network/application-gateway/README.md b/modules/network/application-gateway/README.md index 3f9491ef5b..8848ba6a2e 100644 --- a/modules/network/application-gateway/README.md +++ b/modules/network/application-gateway/README.md @@ -1963,9 +1963,17 @@ module applicationGateway 'br:bicep/modules/network.application-gateway:1.0.0' = | [`webApplicationFirewallConfiguration`](#parameter-webapplicationfirewallconfiguration) | object | Application gateway web application firewall configuration. Should be configured for security reasons. | | [`zones`](#parameter-zones) | array | A list of availability zones denoting where the resource needs to come from. | +### Parameter: `name` + +Name of the Application Gateway. + +- Required: Yes +- Type: string + ### Parameter: `authenticationCertificates` Authentication certificates of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -1973,6 +1981,7 @@ Authentication certificates of the application gateway resource. ### Parameter: `autoscaleMaxCapacity` Upper bound on number of Application Gateway capacity. + - Required: No - Type: int - Default: `-1` @@ -1980,6 +1989,7 @@ Upper bound on number of Application Gateway capacity. ### Parameter: `autoscaleMinCapacity` Lower bound on number of Application Gateway capacity. + - Required: No - Type: int - Default: `-1` @@ -1987,6 +1997,7 @@ Lower bound on number of Application Gateway capacity. ### Parameter: `backendAddressPools` Backend address pool of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -1994,6 +2005,7 @@ Backend address pool of the application gateway resource. ### Parameter: `backendHttpSettingsCollection` Backend http settings of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2001,6 +2013,7 @@ Backend http settings of the application gateway resource. ### Parameter: `backendSettingsCollection` Backend settings of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). + - Required: No - Type: array - Default: `[]` @@ -2008,6 +2021,7 @@ Backend settings of the application gateway resource. For default limits, see [A ### Parameter: `capacity` The number of Application instances to be configured. + - Required: No - Type: int - Default: `2` @@ -2015,6 +2029,7 @@ The number of Application instances to be configured. ### Parameter: `customErrorConfigurations` Custom error configurations of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2022,114 +2037,90 @@ Custom error configurations of the application gateway resource. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -2137,6 +2128,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -2144,6 +2136,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableFips` Whether FIPS is enabled on the application gateway resource. + - Required: No - Type: bool - Default: `False` @@ -2151,6 +2144,7 @@ Whether FIPS is enabled on the application gateway resource. ### Parameter: `enableHttp2` Whether HTTP2 is enabled on the application gateway resource. + - Required: No - Type: bool - Default: `False` @@ -2158,6 +2152,7 @@ Whether HTTP2 is enabled on the application gateway resource. ### Parameter: `enableRequestBuffering` Enable request buffering. + - Required: No - Type: bool - Default: `False` @@ -2165,6 +2160,7 @@ Enable request buffering. ### Parameter: `enableResponseBuffering` Enable response buffering. + - Required: No - Type: bool - Default: `False` @@ -2172,6 +2168,7 @@ Enable response buffering. ### Parameter: `firewallPolicyId` The resource ID of an associated firewall policy. Should be configured for security reasons. + - Required: No - Type: string - Default: `''` @@ -2179,6 +2176,7 @@ The resource ID of an associated firewall policy. Should be configured for secur ### Parameter: `frontendIPConfigurations` Frontend IP addresses of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2186,6 +2184,7 @@ Frontend IP addresses of the application gateway resource. ### Parameter: `frontendPorts` Frontend ports of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2193,6 +2192,7 @@ Frontend ports of the application gateway resource. ### Parameter: `gatewayIPConfigurations` Subnets of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2200,6 +2200,7 @@ Subnets of the application gateway resource. ### Parameter: `httpListeners` Http listeners of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2207,6 +2208,7 @@ Http listeners of the application gateway resource. ### Parameter: `listeners` Listeners of the application gateway resource. For default limits, see [Application Gateway limits](https://learn.microsoft.com/en-us/azure/azure-subscription-service-limits#application-gateway-limits). + - Required: No - Type: array - Default: `[]` @@ -2214,6 +2216,7 @@ Listeners of the application gateway resource. For default limits, see [Applicat ### Parameter: `loadDistributionPolicies` Load distribution policies of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2221,6 +2224,7 @@ Load distribution policies of the application gateway resource. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -2228,26 +2232,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -2255,221 +2268,267 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array -### Parameter: `name` - -Name of the Application Gateway. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | Yes | string | Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +**Optional parameters** -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -- Required: No -- Type: array +### Parameter: `privateEndpoints.service` -### Parameter: `privateEndpoints.customDnsConfigs` +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -Optional. Custom DNS configurations. +- Required: Yes +- Type: string -- Required: No -- Type: array +### Parameter: `privateEndpoints.subnetResourceId` + +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -- Required: No +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +Version of the condition. - Required: No -- Type: array +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. Array of role assignments to create. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.description` -Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Required. Resource ID of the subnet where the endpoint needs to be created. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -2477,6 +2536,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `privateLinkConfigurations` PrivateLink configurations on application gateway. + - Required: No - Type: array - Default: `[]` @@ -2484,6 +2544,7 @@ PrivateLink configurations on application gateway. ### Parameter: `probes` Probes of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2491,6 +2552,7 @@ Probes of the application gateway resource. ### Parameter: `redirectConfigurations` Redirect configurations of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2498,6 +2560,7 @@ Redirect configurations of the application gateway resource. ### Parameter: `requestRoutingRules` Request routing rules of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2505,6 +2568,7 @@ Request routing rules of the application gateway resource. ### Parameter: `rewriteRuleSets` Rewrite rules for the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2512,74 +2576,96 @@ Rewrite rules for the application gateway resource. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `routingRules` Routing rules of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2587,6 +2673,7 @@ Routing rules of the application gateway resource. ### Parameter: `sku` The name of the SKU for the Application Gateway. + - Required: No - Type: string - Default: `'WAF_Medium'` @@ -2606,6 +2693,7 @@ The name of the SKU for the Application Gateway. ### Parameter: `sslCertificates` SSL certificates of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2613,6 +2701,7 @@ SSL certificates of the application gateway resource. ### Parameter: `sslPolicyCipherSuites` Ssl cipher suites to be enabled in the specified order to application gateway. + - Required: No - Type: array - Default: @@ -2659,6 +2748,7 @@ Ssl cipher suites to be enabled in the specified order to application gateway. ### Parameter: `sslPolicyMinProtocolVersion` Ssl protocol enums. + - Required: No - Type: string - Default: `'TLSv1_2'` @@ -2675,6 +2765,7 @@ Ssl protocol enums. ### Parameter: `sslPolicyName` Ssl predefined policy name enums. + - Required: No - Type: string - Default: `''` @@ -2693,6 +2784,7 @@ Ssl predefined policy name enums. ### Parameter: `sslPolicyType` Type of Ssl Policy. + - Required: No - Type: string - Default: `'Custom'` @@ -2708,6 +2800,7 @@ Type of Ssl Policy. ### Parameter: `sslProfiles` SSL profiles of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2715,12 +2808,14 @@ SSL profiles of the application gateway resource. ### Parameter: `tags` Resource tags. + - Required: No - Type: object ### Parameter: `trustedClientCertificates` Trusted client certificates of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2728,6 +2823,7 @@ Trusted client certificates of the application gateway resource. ### Parameter: `trustedRootCertificates` Trusted Root certificates of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2735,6 +2831,7 @@ Trusted Root certificates of the application gateway resource. ### Parameter: `urlPathMaps` URL path map of the application gateway resource. + - Required: No - Type: array - Default: `[]` @@ -2742,6 +2839,7 @@ URL path map of the application gateway resource. ### Parameter: `webApplicationFirewallConfiguration` Application gateway web application firewall configuration. Should be configured for security reasons. + - Required: No - Type: object - Default: `{}` @@ -2749,6 +2847,7 @@ Application gateway web application firewall configuration. Should be configured ### Parameter: `zones` A list of availability zones denoting where the resource needs to come from. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/application-security-group/README.md b/modules/network/application-security-group/README.md index fc21701695..a1376bb487 100644 --- a/modules/network/application-security-group/README.md +++ b/modules/network/application-security-group/README.md @@ -224,9 +224,17 @@ module applicationSecurityGroup 'br:bicep/modules/network.application-security-g | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Application Security Group. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -234,6 +242,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -241,107 +250,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Application Security Group. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/azure-firewall/README.md b/modules/network/azure-firewall/README.md index ccb0cb3de8..d232283c5c 100644 --- a/modules/network/azure-firewall/README.md +++ b/modules/network/azure-firewall/README.md @@ -1094,9 +1094,41 @@ module azureFirewall 'br:bicep/modules/network.azure-firewall:1.0.0' = { | [`threatIntelMode`](#parameter-threatintelmode) | string | The operation mode for Threat Intel. | | [`zones`](#parameter-zones) | array | Zone numbers e.g. 1,2,3. | +### Parameter: `name` + +Name of the Azure Firewall. + +- Required: Yes +- Type: string + +### Parameter: `hubIPAddresses` + +IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied. + +- Required: No +- Type: object +- Default: `{}` + +### Parameter: `virtualHubId` + +The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `vNetId` + +Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `additionalPublicIpConfigurations` This is to add any additional Public IP configurations on top of the Public IP with subnet IP configuration. + - Required: No - Type: array - Default: `[]` @@ -1104,6 +1136,7 @@ This is to add any additional Public IP configurations on top of the Public IP w ### Parameter: `applicationRuleCollections` Collection of application rule collections used by Azure Firewall. + - Required: No - Type: array - Default: `[]` @@ -1111,6 +1144,7 @@ Collection of application rule collections used by Azure Firewall. ### Parameter: `azureSkuTier` Tier of an Azure Firewall. + - Required: No - Type: string - Default: `'Standard'` @@ -1126,114 +1160,90 @@ Tier of an Azure Firewall. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1241,6 +1251,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1248,20 +1259,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `firewallPolicyId` Resource ID of the Firewall Policy that should be attached. + - Required: No - Type: string - Default: `''` -### Parameter: `hubIPAddresses` - -IP addresses associated with AzureFirewall. Required if `virtualHubId` is supplied. -- Required: No -- Type: object -- Default: `{}` - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1269,26 +1275,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1296,6 +1311,7 @@ Optional. Specify the name of lock. ### Parameter: `managementIPAddressObject` Specifies the properties of the Management Public IP to create and be used by Azure Firewall. If it's not provided and managementIPResourceID is empty, a '-mip' suffix will be appended to the Firewall's name. + - Required: No - Type: object - Default: `{}` @@ -1303,19 +1319,15 @@ Specifies the properties of the Management Public IP to create and be used by Az ### Parameter: `managementIPResourceID` The Management Public IP resource ID to associate to the AzureFirewallManagementSubnet. If empty, then the Management Public IP that is created as part of this module will be applied to the AzureFirewallManagementSubnet. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -Name of the Azure Firewall. -- Required: Yes -- Type: string - ### Parameter: `natRuleCollections` Collection of NAT rule collections used by Azure Firewall. + - Required: No - Type: array - Default: `[]` @@ -1323,6 +1335,7 @@ Collection of NAT rule collections used by Azure Firewall. ### Parameter: `networkRuleCollections` Collection of network rule collections used by Azure Firewall. + - Required: No - Type: array - Default: `[]` @@ -1330,6 +1343,7 @@ Collection of network rule collections used by Azure Firewall. ### Parameter: `publicIPAddressObject` Specifies the properties of the Public IP to create and be used by the Firewall, if no existing public IP was provided. + - Required: No - Type: object - Default: @@ -1342,6 +1356,7 @@ Specifies the properties of the Public IP to create and be used by the Firewall, ### Parameter: `publicIPResourceID` The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, then the Public IP that is created as part of this module will be applied to the AzureFirewallSubnet. + - Required: No - Type: string - Default: `''` @@ -1349,80 +1364,103 @@ The Public IP resource ID to associate to the AzureFirewallSubnet. If empty, the ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the Azure Firewall resource. + - Required: No - Type: object ### Parameter: `threatIntelMode` The operation mode for Threat Intel. + - Required: No - Type: string - Default: `'Deny'` @@ -1435,23 +1473,10 @@ The operation mode for Threat Intel. ] ``` -### Parameter: `virtualHubId` - -The virtualHub resource ID to which the firewall belongs. Required if `vNetId` is empty. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `vNetId` - -Shared services Virtual Network resource ID. The virtual network ID containing AzureFirewallSubnet. If a Public IP is not provided, then the Public IP that is created as part of this module will be applied with the subnet provided in this variable. Required if `virtualHubId` is empty. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `zones` Zone numbers e.g. 1,2,3. + - Required: No - Type: array - Default: diff --git a/modules/network/bastion-host/README.md b/modules/network/bastion-host/README.md index 583131bb54..5057715cf3 100644 --- a/modules/network/bastion-host/README.md +++ b/modules/network/bastion-host/README.md @@ -524,9 +524,24 @@ module bastionHost 'br:bicep/modules/network.bastion-host:1.0.0' = { | [`skuName`](#parameter-skuname) | string | The SKU of this Bastion Host. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Azure Bastion resource. + +- Required: Yes +- Type: string + +### Parameter: `vNetId` + +Shared services Virtual Network resource identifier. + +- Required: Yes +- Type: string + ### Parameter: `bastionSubnetPublicIpResourceId` The Public IP resource ID to associate to the azureBastionSubnet. If empty, then the Public IP that is created as part of this module will be applied to the azureBastionSubnet. + - Required: No - Type: string - Default: `''` @@ -534,94 +549,82 @@ The Public IP resource ID to associate to the azureBastionSubnet. If empty, then ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -629,6 +632,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableCopyPaste` Choose to disable or enable Copy Paste. + - Required: No - Type: bool - Default: `False` @@ -636,6 +640,7 @@ Choose to disable or enable Copy Paste. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -643,6 +648,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableFileCopy` Choose to disable or enable File Copy. + - Required: No - Type: bool - Default: `True` @@ -650,6 +656,7 @@ Choose to disable or enable File Copy. ### Parameter: `enableIpConnect` Choose to disable or enable IP Connect. + - Required: No - Type: bool - Default: `False` @@ -657,6 +664,7 @@ Choose to disable or enable IP Connect. ### Parameter: `enableKerberos` Choose to disable or enable Kerberos authentication. + - Required: No - Type: bool - Default: `False` @@ -664,6 +672,7 @@ Choose to disable or enable Kerberos authentication. ### Parameter: `enableShareableLink` Choose to disable or enable Shareable Link. + - Required: No - Type: bool - Default: `False` @@ -671,6 +680,7 @@ Choose to disable or enable Shareable Link. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -678,39 +688,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Azure Bastion resource. -- Required: Yes -- Type: string - ### Parameter: `publicIPAddressObject` Specifies the properties of the Public IP to create and be used by Azure Bastion, if no existing public IP was provided. + - Required: No - Type: object - Default: @@ -723,74 +737,96 @@ Specifies the properties of the Public IP to create and be used by Azure Bastion ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scaleUnits` The scale units for the Bastion Host resource. + - Required: No - Type: int - Default: `2` @@ -798,6 +834,7 @@ The scale units for the Bastion Host resource. ### Parameter: `skuName` The SKU of this Bastion Host. + - Required: No - Type: string - Default: `'Basic'` @@ -812,15 +849,10 @@ The SKU of this Bastion Host. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `vNetId` - -Shared services Virtual Network resource identifier. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/connection/README.md b/modules/network/connection/README.md index d8f8169acb..8a2af94d6a 100644 --- a/modules/network/connection/README.md +++ b/modules/network/connection/README.md @@ -158,9 +158,24 @@ module connection 'br:bicep/modules/network.connection:1.0.0' = { | [`virtualNetworkGateway2`](#parameter-virtualnetworkgateway2) | object | The remote Virtual Network Gateway. Used for connection connectionType [Vnet2Vnet]. | | [`vpnSharedKey`](#parameter-vpnsharedkey) | securestring | Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways. | +### Parameter: `name` + +Remote connection name. + +- Required: Yes +- Type: string + +### Parameter: `virtualNetworkGateway1` + +The primary Virtual Network Gateway. + +- Required: Yes +- Type: object + ### Parameter: `authorizationKey` The Authorization Key to connect to an Express Route Circuit. Used for connection type [ExpressRoute]. + - Required: No - Type: securestring - Default: `''` @@ -168,6 +183,7 @@ The Authorization Key to connect to an Express Route Circuit. Used for connectio ### Parameter: `connectionMode` The connection connectionMode for this connection. Available for IPSec connections. + - Required: No - Type: string - Default: `'Default'` @@ -183,6 +199,7 @@ The connection connectionMode for this connection. Available for IPSec connectio ### Parameter: `connectionProtocol` Connection connectionProtocol used for this connection. Available for IPSec connections. + - Required: No - Type: string - Default: `'IKEv2'` @@ -197,6 +214,7 @@ Connection connectionProtocol used for this connection. Available for IPSec conn ### Parameter: `connectionType` Gateway connection connectionType. + - Required: No - Type: string - Default: `'IPsec'` @@ -213,6 +231,7 @@ Gateway connection connectionType. ### Parameter: `customIPSecPolicy` The IPSec Policies to be considered by this connection. + - Required: No - Type: object - Default: @@ -232,6 +251,7 @@ The IPSec Policies to be considered by this connection. ### Parameter: `dpdTimeoutSeconds` The dead peer detection timeout of this connection in seconds. Setting the timeout to shorter periods will cause IKE to rekey more aggressively, causing the connection to appear to be disconnected in some instances. The general recommendation is to set the timeout between 30 to 45 seconds. + - Required: No - Type: int - Default: `45` @@ -239,6 +259,7 @@ The dead peer detection timeout of this connection in seconds. Setting the timeo ### Parameter: `enableBgp` Value to specify if BGP is enabled or not. + - Required: No - Type: bool - Default: `False` @@ -246,6 +267,7 @@ Value to specify if BGP is enabled or not. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -253,6 +275,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enablePrivateLinkFastPath` Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastPath (expressRouteGatewayBypass) must be enabled. Only available when connection connectionType is Express Route. + - Required: No - Type: bool - Default: `False` @@ -260,6 +283,7 @@ Bypass the ExpressRoute gateway when accessing private-links. ExpressRoute FastP ### Parameter: `expressRouteGatewayBypass` Bypass ExpressRoute Gateway for data forwarding. Only available when connection connectionType is Express Route. + - Required: No - Type: bool - Default: `False` @@ -267,6 +291,7 @@ Bypass ExpressRoute Gateway for data forwarding. Only available when connection ### Parameter: `localNetworkGateway2` The local network gateway. Used for connection type [IPsec]. + - Required: No - Type: object - Default: `{}` @@ -274,6 +299,7 @@ The local network gateway. Used for connection type [IPsec]. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -281,39 +307,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Remote connection name. -- Required: Yes -- Type: string - ### Parameter: `peer` The remote peer. Used for connection connectionType [ExpressRoute]. + - Required: No - Type: object - Default: `{}` @@ -321,6 +351,7 @@ The remote peer. Used for connection connectionType [ExpressRoute]. ### Parameter: `routingWeight` The weight added to routes learned from this BGP speaker. + - Required: No - Type: int - Default: `-1` @@ -328,12 +359,14 @@ The weight added to routes learned from this BGP speaker. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `useLocalAzureIpAddress` Use private local Azure IP for the connection. Only available for IPSec Virtual Network Gateways that use the Azure Private IP Property. + - Required: No - Type: bool - Default: `False` @@ -341,19 +374,15 @@ Use private local Azure IP for the connection. Only available for IPSec Virtual ### Parameter: `usePolicyBasedTrafficSelectors` Enable policy-based traffic selectors. + - Required: No - Type: bool - Default: `False` -### Parameter: `virtualNetworkGateway1` - -The primary Virtual Network Gateway. -- Required: Yes -- Type: object - ### Parameter: `virtualNetworkGateway2` The remote Virtual Network Gateway. Used for connection connectionType [Vnet2Vnet]. + - Required: No - Type: object - Default: `{}` @@ -361,6 +390,7 @@ The remote Virtual Network Gateway. Used for connection connectionType [Vnet2Vne ### Parameter: `vpnSharedKey` Specifies a VPN shared key. The same value has to be specified on both Virtual Network Gateways. + - Required: No - Type: securestring - Default: `''` diff --git a/modules/network/ddos-protection-plan/README.md b/modules/network/ddos-protection-plan/README.md index 583e7a2350..844e478c25 100644 --- a/modules/network/ddos-protection-plan/README.md +++ b/modules/network/ddos-protection-plan/README.md @@ -273,9 +273,17 @@ module ddosProtectionPlan 'br:bicep/modules/network.ddos-protection-plan:1.0.0' | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the DDoS protection plan to assign the VNET to. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -283,6 +291,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -290,107 +299,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the DDoS protection plan to assign the VNET to. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/dns-forwarding-ruleset/README.md b/modules/network/dns-forwarding-ruleset/README.md index 7f80e40e75..77a9d2fe37 100644 --- a/modules/network/dns-forwarding-ruleset/README.md +++ b/modules/network/dns-forwarding-ruleset/README.md @@ -375,12 +375,21 @@ module dnsForwardingRuleset 'br:bicep/modules/network.dns-forwarding-ruleset:1.0 ### Parameter: `dnsResolverOutboundEndpointResourceIds` The reference to the DNS resolver outbound endpoints that are used to route DNS queries matching the forwarding rules in the ruleset to the target DNS servers. + - Required: Yes - Type: array +### Parameter: `name` + +Name of the DNS Forwarding Ruleset. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -388,6 +397,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `forwardingRules` Array of forwarding rules. + - Required: No - Type: array - Default: `[]` @@ -395,6 +405,7 @@ Array of forwarding rules. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -402,113 +413,139 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the DNS Forwarding Ruleset. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `vNetLinks` Array of virtual network links. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md b/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md index 39dd2043dd..64a7cf0a97 100644 --- a/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md +++ b/modules/network/dns-forwarding-ruleset/forwarding-rule/README.md @@ -40,21 +40,38 @@ This template deploys Forwarding Rule in a Dns Forwarding Ruleset. | [`location`](#parameter-location) | string | Location for all resources. | | [`metadata`](#parameter-metadata) | object | Metadata attached to the forwarding rule. | -### Parameter: `dnsForwardingRulesetName` +### Parameter: `domainName` + +The domain name for the forwarding rule. -Name of the parent DNS Forwarding Ruleset. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `domainName` +### Parameter: `name` + +Name of the Forwarding Rule. + +- Required: Yes +- Type: string + +### Parameter: `targetDnsServers` + +DNS servers to forward the DNS query to. + +- Required: Yes +- Type: array + +### Parameter: `dnsForwardingRulesetName` + +Name of the parent DNS Forwarding Ruleset. Required if the template is used in a standalone deployment. -The domain name for the forwarding rule. - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -62,6 +79,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `forwardingRuleState` The state of forwarding rule. + - Required: No - Type: string - Default: `'Enabled'` @@ -76,6 +94,7 @@ The state of forwarding rule. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -83,22 +102,11 @@ Location for all resources. ### Parameter: `metadata` Metadata attached to the forwarding rule. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Name of the Forwarding Rule. -- Required: Yes -- Type: string - -### Parameter: `targetDnsServers` - -DNS servers to forward the DNS query to. -- Required: Yes -- Type: array - ## Outputs diff --git a/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md b/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md index af8b359da9..90efca7cd6 100644 --- a/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md +++ b/modules/network/dns-forwarding-ruleset/virtual-network-link/README.md @@ -37,15 +37,24 @@ This template deploys Virtual Network Link in a Dns Forwarding Ruleset. | [`location`](#parameter-location) | string | The location of the PrivateDNSZone. Should be global. | | [`name`](#parameter-name) | string | The name of the virtual network link. | +### Parameter: `virtualNetworkResourceId` + +Link to another virtual network resource ID. + +- Required: Yes +- Type: string + ### Parameter: `dnsForwardingRulesetName` The name of the parent DNS Fowarding Rule Set. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -53,6 +62,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The location of the PrivateDNSZone. Should be global. + - Required: No - Type: string - Default: `'global'` @@ -60,16 +70,11 @@ The location of the PrivateDNSZone. Should be global. ### Parameter: `name` The name of the virtual network link. + - Required: No - Type: string - Default: `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` -### Parameter: `virtualNetworkResourceId` - -Link to another virtual network resource ID. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/dns-resolver/README.md b/modules/network/dns-resolver/README.md index 9dd23b73e9..70ca712dfc 100644 --- a/modules/network/dns-resolver/README.md +++ b/modules/network/dns-resolver/README.md @@ -239,9 +239,24 @@ module dnsResolver 'br:bicep/modules/network.dns-resolver:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Private DNS Resolver. + +- Required: Yes +- Type: string + +### Parameter: `virtualNetworkId` + +ResourceId of the virtual network to attach the Private DNS Resolver to. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -249,6 +264,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `inboundEndpoints` Inbound Endpoints for Private DNS Resolver. + - Required: No - Type: array - Default: `[]` @@ -256,6 +272,7 @@ Inbound Endpoints for Private DNS Resolver. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -263,39 +280,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Private DNS Resolver. -- Required: Yes -- Type: string - ### Parameter: `outboundEndpoints` Outbound Endpoints for Private DNS Resolver. + - Required: No - Type: array - Default: `[]` @@ -303,83 +324,99 @@ Outbound Endpoints for Private DNS Resolver. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `virtualNetworkId` - -ResourceId of the virtual network to attach the Private DNS Resolver to. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/dns-zone/README.md b/modules/network/dns-zone/README.md index 003e5548ed..4d7a11a4e4 100644 --- a/modules/network/dns-zone/README.md +++ b/modules/network/dns-zone/README.md @@ -919,9 +919,17 @@ module dnsZone 'br:bicep/modules/network.dns-zone:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`txt`](#parameter-txt) | array | Array of TXT records. | +### Parameter: `name` + +DNS zone name. + +- Required: Yes +- Type: string + ### Parameter: `a` Array of A records. + - Required: No - Type: array - Default: `[]` @@ -929,6 +937,7 @@ Array of A records. ### Parameter: `aaaa` Array of AAAA records. + - Required: No - Type: array - Default: `[]` @@ -936,6 +945,7 @@ Array of AAAA records. ### Parameter: `caa` Array of CAA records. + - Required: No - Type: array - Default: `[]` @@ -943,6 +953,7 @@ Array of CAA records. ### Parameter: `cname` Array of CNAME records. + - Required: No - Type: array - Default: `[]` @@ -950,6 +961,7 @@ Array of CNAME records. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -957,6 +969,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The location of the dnsZone. Should be global. + - Required: No - Type: string - Default: `'global'` @@ -964,26 +977,35 @@ The location of the dnsZone. Should be global. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -991,19 +1013,15 @@ Optional. Specify the name of lock. ### Parameter: `mx` Array of MX records. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -DNS zone name. -- Required: Yes -- Type: string - ### Parameter: `ns` Array of NS records. + - Required: No - Type: array - Default: `[]` @@ -1011,6 +1029,7 @@ Array of NS records. ### Parameter: `ptr` Array of PTR records. + - Required: No - Type: array - Default: `[]` @@ -1018,74 +1037,96 @@ Array of PTR records. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `soa` Array of SOA records. + - Required: No - Type: array - Default: `[]` @@ -1093,6 +1134,7 @@ Array of SOA records. ### Parameter: `srv` Array of SRV records. + - Required: No - Type: array - Default: `[]` @@ -1100,12 +1142,14 @@ Array of SRV records. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `txt` Array of TXT records. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/dns-zone/a/README.md b/modules/network/dns-zone/a/README.md index 222006ccc6..99577d607a 100644 --- a/modules/network/dns-zone/a/README.md +++ b/modules/network/dns-zone/a/README.md @@ -41,22 +41,32 @@ This module deploys a Public DNS Zone A record. | [`targetResourceId`](#parameter-targetresourceid) | string | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | -### Parameter: `aRecords` +### Parameter: `name` -The list of A records in the record set. Cannot be used in conjuction with the "targetResource" property. -- Required: No -- Type: array -- Default: `[]` +The name of the A record. + +- Required: Yes +- Type: string ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `aRecords` + +The list of A records in the record set. Cannot be used in conjuction with the "targetResource" property. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -64,87 +74,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the A record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `targetResourceId` A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. + - Required: No - Type: string - Default: `''` @@ -152,6 +179,7 @@ A reference to an azure resource from where the dns resource value is taken. Als ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/aaaa/README.md b/modules/network/dns-zone/aaaa/README.md index fb0bcad96e..aa68ea3696 100644 --- a/modules/network/dns-zone/aaaa/README.md +++ b/modules/network/dns-zone/aaaa/README.md @@ -41,22 +41,32 @@ This module deploys a Public DNS Zone AAAA record. | [`targetResourceId`](#parameter-targetresourceid) | string | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | -### Parameter: `aaaaRecords` +### Parameter: `name` -The list of AAAA records in the record set. Cannot be used in conjuction with the "targetResource" property. -- Required: No -- Type: array -- Default: `[]` +The name of the AAAA record. + +- Required: Yes +- Type: string ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `aaaaRecords` + +The list of AAAA records in the record set. Cannot be used in conjuction with the "targetResource" property. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -64,87 +74,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the AAAA record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `targetResourceId` A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. + - Required: No - Type: string - Default: `''` @@ -152,6 +179,7 @@ A reference to an azure resource from where the dns resource value is taken. Als ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/caa/README.md b/modules/network/dns-zone/caa/README.md index bd705d06a7..4d72be6d76 100644 --- a/modules/network/dns-zone/caa/README.md +++ b/modules/network/dns-zone/caa/README.md @@ -40,22 +40,32 @@ This module deploys a Public DNS Zone CAA record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | -### Parameter: `caaRecords` +### Parameter: `name` -The list of CAA records in the record set. -- Required: No -- Type: array -- Default: `[]` +The name of the CAA record. + +- Required: Yes +- Type: string ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `caaRecords` + +The list of CAA records in the record set. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -63,87 +73,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the CAA record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/cname/README.md b/modules/network/dns-zone/cname/README.md index 063728513a..a89e2c97a6 100644 --- a/modules/network/dns-zone/cname/README.md +++ b/modules/network/dns-zone/cname/README.md @@ -41,22 +41,32 @@ This module deploys a Public DNS Zone CNAME record. | [`targetResourceId`](#parameter-targetresourceid) | string | A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | -### Parameter: `cnameRecord` +### Parameter: `name` -A CNAME record. Cannot be used in conjuction with the "targetResource" property. -- Required: No -- Type: object -- Default: `{}` +The name of the CNAME record. + +- Required: Yes +- Type: string ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `cnameRecord` + +A CNAME record. Cannot be used in conjuction with the "targetResource" property. + +- Required: No +- Type: object +- Default: `{}` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -64,87 +74,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the CNAME record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `targetResourceId` A reference to an azure resource from where the dns resource value is taken. Also known as an alias record sets and are only supported for record types A, AAAA and CNAME. A resource ID can be an Azure Traffic Manager, Azure CDN, Front Door, Static Web App, or a resource ID of a record set of the same type in the DNS zone (i.e. A, AAAA or CNAME). Cannot be used in conjuction with the "aRecords" property. + - Required: No - Type: string - Default: `''` @@ -152,6 +179,7 @@ A reference to an azure resource from where the dns resource value is taken. Als ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/mx/README.md b/modules/network/dns-zone/mx/README.md index 7aaa4e37fe..bea5e827f7 100644 --- a/modules/network/dns-zone/mx/README.md +++ b/modules/network/dns-zone/mx/README.md @@ -40,15 +40,24 @@ This module deploys a Public DNS Zone MX record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the MX record. + +- Required: Yes +- Type: string + ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,6 +65,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` @@ -63,87 +73,104 @@ The metadata attached to the record set. ### Parameter: `mxRecords` The list of MX records in the record set. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The name of the MX record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/ns/README.md b/modules/network/dns-zone/ns/README.md index 4330bd1fd0..8035417f4b 100644 --- a/modules/network/dns-zone/ns/README.md +++ b/modules/network/dns-zone/ns/README.md @@ -40,15 +40,24 @@ This module deploys a Public DNS Zone NS record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the NS record. + +- Required: Yes +- Type: string + ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,19 +65,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the NS record. -- Required: Yes -- Type: string - ### Parameter: `nsRecords` The list of NS records in the record set. + - Required: No - Type: array - Default: `[]` @@ -76,74 +81,96 @@ The list of NS records in the record set. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/ptr/README.md b/modules/network/dns-zone/ptr/README.md index 6609c1ff35..68258a9035 100644 --- a/modules/network/dns-zone/ptr/README.md +++ b/modules/network/dns-zone/ptr/README.md @@ -40,15 +40,24 @@ This module deploys a Public DNS Zone PTR record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the PTR record. + +- Required: Yes +- Type: string + ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,19 +65,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the PTR record. -- Required: Yes -- Type: string - ### Parameter: `ptrRecords` The list of PTR records in the record set. + - Required: No - Type: array - Default: `[]` @@ -76,74 +81,96 @@ The list of PTR records in the record set. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/soa/README.md b/modules/network/dns-zone/soa/README.md index 155270e1da..3b8577a68c 100644 --- a/modules/network/dns-zone/soa/README.md +++ b/modules/network/dns-zone/soa/README.md @@ -40,15 +40,24 @@ This module deploys a Public DNS Zone SOA record. | [`soaRecord`](#parameter-soarecord) | object | A SOA record. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the SOA record. + +- Required: Yes +- Type: string + ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,87 +65,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the SOA record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `soaRecord` A SOA record. + - Required: No - Type: object - Default: `{}` @@ -144,6 +170,7 @@ A SOA record. ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/srv/README.md b/modules/network/dns-zone/srv/README.md index 0143e63e5d..6650830d14 100644 --- a/modules/network/dns-zone/srv/README.md +++ b/modules/network/dns-zone/srv/README.md @@ -40,15 +40,24 @@ This module deploys a Public DNS Zone SRV record. | [`srvRecords`](#parameter-srvrecords) | array | The list of SRV records in the record set. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the SRV record. + +- Required: Yes +- Type: string + ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,87 +65,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the SRV record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `srvRecords` The list of SRV records in the record set. + - Required: No - Type: array - Default: `[]` @@ -144,6 +170,7 @@ The list of SRV records in the record set. ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/dns-zone/txt/README.md b/modules/network/dns-zone/txt/README.md index 35897fbd07..101e48bca4 100644 --- a/modules/network/dns-zone/txt/README.md +++ b/modules/network/dns-zone/txt/README.md @@ -40,15 +40,24 @@ This module deploys a Public DNS Zone TXT record. | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | | [`txtRecords`](#parameter-txtrecords) | array | The list of TXT records in the record set. | +### Parameter: `name` + +The name of the TXT record. + +- Required: Yes +- Type: string + ### Parameter: `dnsZoneName` The name of the parent DNS zone. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,87 +65,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the TXT record. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` @@ -144,6 +170,7 @@ The TTL (time-to-live) of the records in the record set. ### Parameter: `txtRecords` The list of TXT records in the record set. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/express-route-circuit/README.md b/modules/network/express-route-circuit/README.md index 3548350675..0252c375f3 100644 --- a/modules/network/express-route-circuit/README.md +++ b/modules/network/express-route-circuit/README.md @@ -413,9 +413,38 @@ module expressRouteCircuit 'br:bicep/modules/network.express-route-circuit:1.0.0 | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vlanId`](#parameter-vlanid) | int | Specifies the identifier that is used to identify the customer. | +### Parameter: `bandwidthInMbps` + +This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. + +- Required: Yes +- Type: int + +### Parameter: `name` + +This is the name of the ExpressRoute circuit. + +- Required: Yes +- Type: string + +### Parameter: `peeringLocation` + +This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call. + +- Required: Yes +- Type: string + +### Parameter: `serviceProviderName` + +This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call. + +- Required: Yes +- Type: string + ### Parameter: `allowClassicOperations` Allow classic operations. You can connect to virtual networks in the classic deployment model by setting allowClassicOperations to true. + - Required: No - Type: bool - Default: `False` @@ -423,127 +452,98 @@ Allow classic operations. You can connect to virtual networks in the classic dep ### Parameter: `bandwidthInGbps` The bandwidth of the circuit when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. Default value of 0 will set the property to null. + - Required: No - Type: int - Default: `0` -### Parameter: `bandwidthInMbps` - -This is the bandwidth in Mbps of the circuit being created. It must exactly match one of the available bandwidth offers List ExpressRoute Service Providers API call. -- Required: Yes -- Type: int - ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -551,6 +551,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -558,6 +559,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `expressRoutePortResourceId` The reference to the ExpressRoutePort resource when the circuit is provisioned on an ExpressRoutePort resource. Available when configuring Express Route Direct. + - Required: No - Type: string - Default: `''` @@ -565,6 +567,7 @@ The reference to the ExpressRoutePort resource when the circuit is provisioned o ### Parameter: `globalReachEnabled` Flag denoting global reach status. To enable ExpressRoute Global Reach between different geopolitical regions, your circuits must be Premium SKU. + - Required: No - Type: bool - Default: `False` @@ -572,6 +575,7 @@ Flag denoting global reach status. To enable ExpressRoute Global Reach between d ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -579,39 +583,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -This is the name of the ExpressRoute circuit. -- Required: Yes -- Type: string - ### Parameter: `peerASN` The autonomous system number of the customer/connectivity provider. + - Required: No - Type: int - Default: `0` @@ -619,19 +627,15 @@ The autonomous system number of the customer/connectivity provider. ### Parameter: `peering` Enabled BGP peering type for the Circuit. + - Required: No - Type: bool - Default: `False` -### Parameter: `peeringLocation` - -This is the name of the peering location and not the ARM resource location. It must exactly match one of the available peering locations from List ExpressRoute Service Providers API call. -- Required: Yes -- Type: string - ### Parameter: `peeringType` BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPeering or MicrosoftPeering. + - Required: No - Type: string - Default: `'AzurePrivatePeering'` @@ -646,6 +650,7 @@ BGP peering type for the Circuit. Choose from AzurePrivatePeering, AzurePublicPe ### Parameter: `primaryPeerAddressPrefix` A /30 subnet used to configure IP addresses for interfaces on Link1. + - Required: No - Type: string - Default: `''` @@ -653,87 +658,104 @@ A /30 subnet used to configure IP addresses for interfaces on Link1. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `secondaryPeerAddressPrefix` A /30 subnet used to configure IP addresses for interfaces on Link2. + - Required: No - Type: string - Default: `''` -### Parameter: `serviceProviderName` - -This is the name of the ExpressRoute Service Provider. It must exactly match one of the Service Providers from List ExpressRoute Service Providers API call. -- Required: Yes -- Type: string - ### Parameter: `sharedKey` The shared key for peering configuration. Router does MD5 hash comparison to validate the packets sent by BGP connection. This parameter is optional and can be removed from peering configuration if not required. + - Required: No - Type: string - Default: `''` @@ -741,6 +763,7 @@ The shared key for peering configuration. Router does MD5 hash comparison to val ### Parameter: `skuFamily` Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedData SKU families. + - Required: No - Type: string - Default: `'MeteredData'` @@ -755,6 +778,7 @@ Chosen SKU family of ExpressRoute circuit. Choose from MeteredData or UnlimitedD ### Parameter: `skuTier` Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard SKU tiers. + - Required: No - Type: string - Default: `'Standard'` @@ -770,12 +794,14 @@ Chosen SKU Tier of ExpressRoute circuit. Choose from Local, Premium or Standard ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `vlanId` Specifies the identifier that is used to identify the customer. + - Required: No - Type: int - Default: `0` diff --git a/modules/network/express-route-gateway/README.md b/modules/network/express-route-gateway/README.md index 2bba6a1bf2..c2084076e9 100644 --- a/modules/network/express-route-gateway/README.md +++ b/modules/network/express-route-gateway/README.md @@ -304,9 +304,24 @@ module expressRouteGateway 'br:bicep/modules/network.express-route-gateway:1.0.0 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the Firewall policy resource. | +### Parameter: `name` + +Name of the Express Route Gateway. + +- Required: Yes +- Type: string + +### Parameter: `virtualHubId` + +Resource ID of the Virtual Wan Hub. + +- Required: Yes +- Type: string + ### Parameter: `allowNonVirtualWanTraffic` Configures this gateway to accept traffic from non Virtual WAN networks. + - Required: No - Type: bool - Default: `False` @@ -314,6 +329,7 @@ Configures this gateway to accept traffic from non Virtual WAN networks. ### Parameter: `autoScaleConfigurationBoundsMax` Maximum number of scale units deployed for ExpressRoute gateway. + - Required: No - Type: int - Default: `2` @@ -321,6 +337,7 @@ Maximum number of scale units deployed for ExpressRoute gateway. ### Parameter: `autoScaleConfigurationBoundsMin` Minimum number of scale units deployed for ExpressRoute gateway. + - Required: No - Type: int - Default: `2` @@ -328,6 +345,7 @@ Minimum number of scale units deployed for ExpressRoute gateway. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -335,6 +353,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `expressRouteConnections` List of ExpressRoute connections to the ExpressRoute gateway. + - Required: No - Type: array - Default: `[]` @@ -342,6 +361,7 @@ List of ExpressRoute connections to the ExpressRoute gateway. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -349,116 +369,135 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Express Route Gateway. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.condition` +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the Firewall policy resource. + - Required: No - Type: object -### Parameter: `virtualHubId` - -Resource ID of the Virtual Wan Hub. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/firewall-policy/README.md b/modules/network/firewall-policy/README.md index 3b9ff291c6..c99c673261 100644 --- a/modules/network/firewall-policy/README.md +++ b/modules/network/firewall-policy/README.md @@ -407,9 +407,17 @@ module firewallPolicy 'br:bicep/modules/network.firewall-policy:1.0.0' = { | [`tier`](#parameter-tier) | string | Tier of Firewall Policy. | | [`workspaces`](#parameter-workspaces) | array | List of workspaces for Firewall Policy Insights. | +### Parameter: `name` + +Name of the Firewall Policy. + +- Required: Yes +- Type: string + ### Parameter: `allowSqlRedirect` A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the flag requires no rule using port 11000-11999. + - Required: No - Type: bool - Default: `False` @@ -417,6 +425,7 @@ A flag to indicate if SQL Redirect traffic filtering is enabled. Turning on the ### Parameter: `autoLearnPrivateRanges` The operation mode for automatically learning private ranges to not be SNAT. + - Required: No - Type: string - Default: `'Disabled'` @@ -431,6 +440,7 @@ The operation mode for automatically learning private ranges to not be SNAT. ### Parameter: `basePolicyResourceId` Resource ID of the base policy. + - Required: No - Type: string - Default: `''` @@ -438,6 +448,7 @@ Resource ID of the base policy. ### Parameter: `bypassTrafficSettings` List of rules for traffic to bypass. + - Required: No - Type: array - Default: `[]` @@ -445,6 +456,7 @@ List of rules for traffic to bypass. ### Parameter: `certificateName` Name of the CA certificate. + - Required: No - Type: string - Default: `''` @@ -452,6 +464,7 @@ Name of the CA certificate. ### Parameter: `defaultWorkspaceId` Default Log Analytics Resource ID for Firewall Policy Insights. + - Required: No - Type: string - Default: `''` @@ -459,6 +472,7 @@ Default Log Analytics Resource ID for Firewall Policy Insights. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -466,6 +480,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableProxy` Enable DNS Proxy on Firewalls attached to the Firewall Policy. + - Required: No - Type: bool - Default: `False` @@ -473,6 +488,7 @@ Enable DNS Proxy on Firewalls attached to the Firewall Policy. ### Parameter: `fqdns` List of FQDNs for the ThreatIntel Allowlist. + - Required: No - Type: array - Default: `[]` @@ -480,6 +496,7 @@ List of FQDNs for the ThreatIntel Allowlist. ### Parameter: `insightsIsEnabled` A flag to indicate if the insights are enabled on the policy. + - Required: No - Type: bool - Default: `False` @@ -487,6 +504,7 @@ A flag to indicate if the insights are enabled on the policy. ### Parameter: `ipAddresses` List of IP addresses for the ThreatIntel Allowlist. + - Required: No - Type: array - Default: `[]` @@ -494,6 +512,7 @@ List of IP addresses for the ThreatIntel Allowlist. ### Parameter: `keyVaultSecretId` Secret ID of (base-64 encoded unencrypted PFX) Secret or Certificate object stored in KeyVault. + - Required: No - Type: string - Default: `''` @@ -501,6 +520,7 @@ Secret ID of (base-64 encoded unencrypted PFX) Secret or Certificate object stor ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -508,17 +528,19 @@ Location for all resources. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array @@ -526,6 +548,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `mode` The configuring of intrusion detection. + - Required: No - Type: string - Default: `'Off'` @@ -538,15 +561,10 @@ The configuring of intrusion detection. ] ``` -### Parameter: `name` - -Name of the Firewall Policy. -- Required: Yes -- Type: string - ### Parameter: `privateRanges` List of private IP addresses/IP address ranges to not be SNAT. + - Required: No - Type: array - Default: `[]` @@ -554,6 +572,7 @@ List of private IP addresses/IP address ranges to not be SNAT. ### Parameter: `retentionDays` Number of days the insights should be enabled on the policy. + - Required: No - Type: int - Default: `365` @@ -561,6 +580,7 @@ Number of days the insights should be enabled on the policy. ### Parameter: `ruleCollectionGroups` Rule collection groups. + - Required: No - Type: array - Default: `[]` @@ -568,6 +588,7 @@ Rule collection groups. ### Parameter: `servers` List of Custom DNS Servers. + - Required: No - Type: array - Default: `[]` @@ -575,6 +596,7 @@ List of Custom DNS Servers. ### Parameter: `signatureOverrides` List of specific signatures states. + - Required: No - Type: array - Default: `[]` @@ -582,12 +604,14 @@ List of specific signatures states. ### Parameter: `tags` Tags of the Firewall policy resource. + - Required: No - Type: object ### Parameter: `threatIntelMode` The operation mode for Threat Intel. + - Required: No - Type: string - Default: `'Off'` @@ -603,6 +627,7 @@ The operation mode for Threat Intel. ### Parameter: `tier` Tier of Firewall Policy. + - Required: No - Type: string - Default: `'Standard'` @@ -617,6 +642,7 @@ Tier of Firewall Policy. ### Parameter: `workspaces` List of workspaces for Firewall Policy Insights. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/firewall-policy/rule-collection-group/README.md b/modules/network/firewall-policy/rule-collection-group/README.md index 920f33ecd8..aa3fdbc956 100644 --- a/modules/network/firewall-policy/rule-collection-group/README.md +++ b/modules/network/firewall-policy/rule-collection-group/README.md @@ -37,34 +37,39 @@ This module deploys a Firewall Policy Rule Collection Group. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`ruleCollections`](#parameter-rulecollections) | array | Group of Firewall Policy rule collections. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `firewallPolicyName` - -The name of the parent Firewall Policy. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `name` The name of the rule collection group to deploy. + - Required: Yes - Type: string ### Parameter: `priority` Priority of the Firewall Policy Rule Collection Group resource. + - Required: Yes - Type: int +### Parameter: `firewallPolicyName` + +The name of the parent Firewall Policy. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `ruleCollections` Group of Firewall Policy rule collections. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/front-door-web-application-firewall-policy/README.md b/modules/network/front-door-web-application-firewall-policy/README.md index c62511aad4..cf76c7f7bc 100644 --- a/modules/network/front-door-web-application-firewall-policy/README.md +++ b/modules/network/front-door-web-application-firewall-policy/README.md @@ -545,9 +545,17 @@ module frontDoorWebApplicationFirewallPolicy 'br:bicep/modules/network.front-doo | [`sku`](#parameter-sku) | string | The pricing tier of the WAF profile. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +Name of the Front Door WAF policy. + +- Required: Yes +- Type: string + ### Parameter: `customRules` The custom rules inside the policy. + - Required: No - Type: object - Default: @@ -578,6 +586,7 @@ The custom rules inside the policy. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -585,6 +594,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `'global'` @@ -592,26 +602,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -619,6 +638,7 @@ Optional. Specify the name of lock. ### Parameter: `managedRules` Describes the managedRules structure. + - Required: No - Type: object - Default: @@ -642,15 +662,10 @@ Describes the managedRules structure. } ``` -### Parameter: `name` - -Name of the Front Door WAF policy. -- Required: Yes -- Type: string - ### Parameter: `policySettings` The PolicySettings for policy. + - Required: No - Type: object - Default: @@ -664,74 +679,96 @@ The PolicySettings for policy. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` The pricing tier of the WAF profile. + - Required: No - Type: string - Default: `'Standard_AzureFrontDoor'` @@ -746,6 +783,7 @@ The pricing tier of the WAF profile. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/network/front-door/README.md b/modules/network/front-door/README.md index b86171346b..6fd669facf 100644 --- a/modules/network/front-door/README.md +++ b/modules/network/front-door/README.md @@ -839,120 +839,132 @@ module frontDoor 'br:bicep/modules/network.front-door:1.0.0' = { ### Parameter: `backendPools` Backend address pool of the frontdoor resource. + - Required: Yes - Type: array -### Parameter: `diagnosticSettings` +### Parameter: `frontendEndpoints` -The diagnostic settings of the service. -- Required: No +Frontend endpoints of the frontdoor resource. + +- Required: Yes - Type: array +### Parameter: `healthProbeSettings` -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +Heath probe settings of the frontdoor resource. -### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` +- Required: Yes +- Type: array -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +### Parameter: `loadBalancingSettings` -- Required: No -- Type: string +Load balancing settings of the frontdoor resource. -### Parameter: `diagnosticSettings.eventHubName` +- Required: Yes +- Type: array -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +### Parameter: `name` -- Required: No +The name of the frontDoor. + +- Required: Yes - Type: string -### Parameter: `diagnosticSettings.logAnalyticsDestinationType` +### Parameter: `routingRules` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +Routing rules settings of the frontdoor resource. -- Required: No -- Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Required: Yes +- Type: array -### Parameter: `diagnosticSettings.logCategoriesAndGroups` +### Parameter: `diagnosticSettings` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The diagnostic settings of the service. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` +### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` +### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string +### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -### Parameter: `diagnosticSettings.marketplacePartnerResourceId` - -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` -### Parameter: `diagnosticSettings.metricCategories` +### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` +### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. -- Required: Yes +- Required: No - Type: string +### Parameter: `diagnosticSettings.metricCategories` + +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. + +- Required: No +- Type: array ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -960,6 +972,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -967,6 +980,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enabledState` State of the frontdoor resource. + - Required: No - Type: string - Default: `'Enabled'` @@ -974,6 +988,7 @@ State of the frontdoor resource. ### Parameter: `enforceCertificateNameCheck` Enforce certificate name check of the frontdoor resource. + - Required: No - Type: string - Default: `'Disabled'` @@ -981,31 +996,15 @@ Enforce certificate name check of the frontdoor resource. ### Parameter: `friendlyName` Friendly name of the frontdoor resource. + - Required: No - Type: string - Default: `''` -### Parameter: `frontendEndpoints` - -Frontend endpoints of the frontdoor resource. -- Required: Yes -- Type: array - -### Parameter: `healthProbeSettings` - -Heath probe settings of the frontdoor resource. -- Required: Yes -- Type: array - -### Parameter: `loadBalancingSettings` - -Load balancing settings of the frontdoor resource. -- Required: Yes -- Type: array - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1013,113 +1012,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the frontDoor. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string - -### Parameter: `routingRules` - -Routing rules settings of the frontdoor resource. -- Required: Yes -- Type: array +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sendRecvTimeoutSeconds` Certificate name check time of the frontdoor resource. + - Required: No - Type: int - Default: `240` @@ -1127,6 +1145,7 @@ Certificate name check time of the frontdoor resource. ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/network/ip-group/README.md b/modules/network/ip-group/README.md index a5ac16bc08..295e9b4498 100644 --- a/modules/network/ip-group/README.md +++ b/modules/network/ip-group/README.md @@ -294,9 +294,17 @@ module ipGroup 'br:bicep/modules/network.ip-group:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Resource tags. | +### Parameter: `name` + +The name of the ipGroups. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -304,6 +312,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ipAddresses` IpAddresses/IpAddressPrefixes in the IpGroups resource. + - Required: No - Type: array - Default: `[]` @@ -311,6 +320,7 @@ IpAddresses/IpAddressPrefixes in the IpGroups resource. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -318,107 +328,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the ipGroups. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Resource tags. + - Required: No - Type: object diff --git a/modules/network/load-balancer/README.md b/modules/network/load-balancer/README.md index 1da31adc09..94e0c1185f 100644 --- a/modules/network/load-balancer/README.md +++ b/modules/network/load-balancer/README.md @@ -927,9 +927,24 @@ module loadBalancer 'br:bicep/modules/network.load-balancer:1.0.0' = { | [`skuName`](#parameter-skuname) | string | Name of a load balancer SKU. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `frontendIPConfigurations` + +Array of objects containing all frontend IP configurations. + +- Required: Yes +- Type: array + +### Parameter: `name` + +The Proximity Placement Groups Name. + +- Required: Yes +- Type: string + ### Parameter: `backendAddressPools` Collection of backend address pools used by a load balancer. + - Required: No - Type: array - Default: `[]` @@ -937,86 +952,82 @@ Collection of backend address pools used by a load balancer. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1024,19 +1035,15 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `frontendIPConfigurations` - -Array of objects containing all frontend IP configurations. -- Required: Yes -- Type: array - ### Parameter: `inboundNatRules` Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT rules on your load balancer is mutually exclusive with defining an inbound NAT pool. Inbound NAT pools are referenced from virtual machine scale sets. NICs that are associated with individual virtual machines cannot reference an Inbound NAT pool. They have to reference individual inbound NAT rules. + - Required: No - Type: array - Default: `[]` @@ -1044,6 +1051,7 @@ Collection of inbound NAT Rules used by a load balancer. Defining inbound NAT ru ### Parameter: `loadBalancingRules` Array of objects containing all load balancing rules. + - Required: No - Type: array - Default: `[]` @@ -1051,6 +1059,7 @@ Array of objects containing all load balancing rules. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1058,39 +1067,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The Proximity Placement Groups Name. -- Required: Yes -- Type: string - ### Parameter: `outboundRules` The outbound rules. + - Required: No - Type: array - Default: `[]` @@ -1098,6 +1111,7 @@ The outbound rules. ### Parameter: `probes` Array of objects containing all probes, these are references in the load balancing rules. + - Required: No - Type: array - Default: `[]` @@ -1105,74 +1119,96 @@ Array of objects containing all probes, these are references in the load balanci ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` Name of a load balancer SKU. + - Required: No - Type: string - Default: `'Standard'` @@ -1187,6 +1223,7 @@ Name of a load balancer SKU. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/load-balancer/backend-address-pool/README.md b/modules/network/load-balancer/backend-address-pool/README.md index 98c95d3b23..6570434862 100644 --- a/modules/network/load-balancer/backend-address-pool/README.md +++ b/modules/network/load-balancer/backend-address-pool/README.md @@ -39,9 +39,24 @@ This module deploys a Load Balancer Backend Address Pools. | [`syncMode`](#parameter-syncmode) | string | Backend address synchronous mode for the backend pool. | | [`tunnelInterfaces`](#parameter-tunnelinterfaces) | array | An array of gateway load balancer tunnel interfaces. | +### Parameter: `name` + +The name of the backend address pool. + +- Required: Yes +- Type: string + +### Parameter: `loadBalancerName` + +The name of the parent load balancer. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `drainPeriodInSeconds` Amount of seconds Load Balancer waits for before sending RESET to client and backend address. if value is 0 then this property will be set to null. Subscription must register the feature Microsoft.Network/SLBAllowConnectionDraining before using this property. + - Required: No - Type: int - Default: `0` @@ -49,6 +64,7 @@ Amount of seconds Load Balancer waits for before sending RESET to client and bac ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,25 +72,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `loadBalancerBackendAddresses` An array of backend addresses. + - Required: No - Type: array - Default: `[]` -### Parameter: `loadBalancerName` - -The name of the parent load balancer. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the backend address pool. -- Required: Yes -- Type: string - ### Parameter: `syncMode` Backend address synchronous mode for the backend pool. + - Required: No - Type: string - Default: `''` @@ -90,6 +96,7 @@ Backend address synchronous mode for the backend pool. ### Parameter: `tunnelInterfaces` An array of gateway load balancer tunnel interfaces. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/load-balancer/inbound-nat-rule/README.md b/modules/network/load-balancer/inbound-nat-rule/README.md index 5cd6e7873d..85f725237f 100644 --- a/modules/network/load-balancer/inbound-nat-rule/README.md +++ b/modules/network/load-balancer/inbound-nat-rule/README.md @@ -45,9 +45,38 @@ This module deploys a Load Balancer Inbound NAT Rules. | [`idleTimeoutInMinutes`](#parameter-idletimeoutinminutes) | int | The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. | | [`protocol`](#parameter-protocol) | string | The transport protocol for the endpoint. | +### Parameter: `frontendIPConfigurationName` + +The name of the frontend IP address to set for the inbound NAT rule. + +- Required: Yes +- Type: string + +### Parameter: `frontendPort` + +The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. + +- Required: Yes +- Type: int + +### Parameter: `name` + +The name of the inbound NAT rule. + +- Required: Yes +- Type: string + +### Parameter: `loadBalancerName` + +The name of the parent load balancer. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `backendAddressPoolName` Name of the backend address pool. + - Required: No - Type: string - Default: `''` @@ -55,6 +84,7 @@ Name of the backend address pool. ### Parameter: `backendPort` The port used for the internal endpoint. + - Required: No - Type: int - Default: `[parameters('frontendPort')]` @@ -62,6 +92,7 @@ The port used for the internal endpoint. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -69,6 +100,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableFloatingIP` Configures a virtual machine's endpoint for the floating IP capability required to configure a SQL AlwaysOn Availability Group. This setting is required when using the SQL AlwaysOn Availability Groups in SQL server. This setting can't be changed after you create the endpoint. + - Required: No - Type: bool - Default: `False` @@ -76,25 +108,15 @@ Configures a virtual machine's endpoint for the floating IP capability required ### Parameter: `enableTcpReset` Receive bidirectional TCP Reset on TCP flow idle timeout or unexpected connection termination. This element is only used when the protocol is set to TCP. + - Required: No - Type: bool - Default: `False` -### Parameter: `frontendIPConfigurationName` - -The name of the frontend IP address to set for the inbound NAT rule. -- Required: Yes -- Type: string - -### Parameter: `frontendPort` - -The port for the external endpoint. Port numbers for each rule must be unique within the Load Balancer. -- Required: Yes -- Type: int - ### Parameter: `frontendPortRangeEnd` The port range end for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeStart. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. + - Required: No - Type: int - Default: `-1` @@ -102,6 +124,7 @@ The port range end for the external endpoint. This property is used together wit ### Parameter: `frontendPortRangeStart` The port range start for the external endpoint. This property is used together with BackendAddressPool and FrontendPortRangeEnd. Individual inbound NAT rule port mappings will be created for each backend address from BackendAddressPool. + - Required: No - Type: int - Default: `-1` @@ -109,25 +132,15 @@ The port range start for the external endpoint. This property is used together w ### Parameter: `idleTimeoutInMinutes` The timeout for the TCP idle connection. The value can be set between 4 and 30 minutes. The default value is 4 minutes. This element is only used when the protocol is set to TCP. + - Required: No - Type: int - Default: `4` -### Parameter: `loadBalancerName` - -The name of the parent load balancer. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the inbound NAT rule. -- Required: Yes -- Type: string - ### Parameter: `protocol` The transport protocol for the endpoint. + - Required: No - Type: string - Default: `'Tcp'` diff --git a/modules/network/local-network-gateway/README.md b/modules/network/local-network-gateway/README.md index f2fb425a1a..97c73c9da3 100644 --- a/modules/network/local-network-gateway/README.md +++ b/modules/network/local-network-gateway/README.md @@ -331,9 +331,31 @@ module localNetworkGateway 'br:bicep/modules/network.local-network-gateway:1.0.0 | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `localAddressPrefixes` + +List of the local (on-premises) IP address ranges. + +- Required: Yes +- Type: array + +### Parameter: `localGatewayPublicIpAddress` + +Public IP of the local gateway. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Local Network Gateway. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -341,19 +363,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `fqdn` FQDN of local network gateway. + - Required: No - Type: string - Default: `''` -### Parameter: `localAddressPrefixes` - -List of the local (on-premises) IP address ranges. -- Required: Yes -- Type: array - ### Parameter: `localAsn` The BGP speaker's ASN. Not providing this value will automatically disable BGP on this Local Network Gateway resource. + - Required: No - Type: string - Default: `''` @@ -361,19 +379,15 @@ The BGP speaker's ASN. Not providing this value will automatically disable BGP o ### Parameter: `localBgpPeeringAddress` The BGP peering address and BGP identifier of this BGP speaker. Not providing this value will automatically disable BGP on this Local Network Gateway resource. + - Required: No - Type: string - Default: `''` -### Parameter: `localGatewayPublicIpAddress` - -Public IP of the local gateway. -- Required: Yes -- Type: string - ### Parameter: `localPeerWeight` The weight added to routes learned from this BGP speaker. This will only take effect if both the localAsn and the localBgpPeeringAddress values are provided. + - Required: No - Type: string - Default: `''` @@ -381,6 +395,7 @@ The weight added to routes learned from this BGP speaker. This will only take ef ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -388,107 +403,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Local Network Gateway. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/nat-gateway/README.md b/modules/network/nat-gateway/README.md index 48343f3c1b..cf808aa8bb 100644 --- a/modules/network/nat-gateway/README.md +++ b/modules/network/nat-gateway/README.md @@ -514,9 +514,17 @@ module natGateway 'br:bicep/modules/network.nat-gateway:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags for the resource. | | [`zones`](#parameter-zones) | array | A list of availability zones denoting the zone in which Nat Gateway should be deployed. | +### Parameter: `name` + +Name of the Azure Bastion resource. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -524,6 +532,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `idleTimeoutInMinutes` The idle timeout of the NAT gateway. + - Required: No - Type: int - Default: `5` @@ -531,6 +540,7 @@ The idle timeout of the NAT gateway. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -538,51 +548,57 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Azure Bastion resource. -- Required: Yes -- Type: string - ### Parameter: `publicIPAddressObjects` Specifies the properties of the Public IPs to create and be used by the NAT Gateway. + - Required: No - Type: array ### Parameter: `publicIPPrefixObjects` Specifies the properties of the Public IP Prefixes to create and be used by the NAT Gateway. + - Required: No - Type: array ### Parameter: `publicIPPrefixResourceIds` Existing Public IP Prefixes resource IDs to use for the NAT Gateway. + - Required: No - Type: array - Default: `[]` @@ -590,6 +606,7 @@ Existing Public IP Prefixes resource IDs to use for the NAT Gateway. ### Parameter: `publicIpResourceIds` Existing Public IP Address resource IDs to use for the NAT Gateway. + - Required: No - Type: array - Default: `[]` @@ -597,80 +614,103 @@ Existing Public IP Address resource IDs to use for the NAT Gateway. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags for the resource. + - Required: No - Type: object ### Parameter: `zones` A list of availability zones denoting the zone in which Nat Gateway should be deployed. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/network-interface/README.md b/modules/network/network-interface/README.md index 0efe82db56..398da34fed 100644 --- a/modules/network/network-interface/README.md +++ b/modules/network/network-interface/README.md @@ -455,9 +455,24 @@ module networkInterface 'br:bicep/modules/network.network-interface:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `ipConfigurations` + +A list of IPConfigurations of the network interface. + +- Required: Yes +- Type: array + +### Parameter: `name` + +The name of the network interface. + +- Required: Yes +- Type: string + ### Parameter: `auxiliaryMode` Auxiliary mode of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. + - Required: No - Type: string - Default: `'None'` @@ -473,6 +488,7 @@ Auxiliary mode of Network Interface resource. Not all regions are enabled for Au ### Parameter: `auxiliarySku` Auxiliary sku of Network Interface resource. Not all regions are enabled for Auxiliary Mode Nic. + - Required: No - Type: string - Default: `'None'` @@ -490,86 +506,82 @@ Auxiliary sku of Network Interface resource. Not all regions are enabled for Aux ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -577,6 +589,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableTcpStateTracking` Indicates whether to disable tcp state tracking. Subscription must be registered for the Microsoft.Network/AllowDisableTcpStateTracking feature before this property can be set to true. + - Required: No - Type: bool - Default: `False` @@ -584,6 +597,7 @@ Indicates whether to disable tcp state tracking. Subscription must be registered ### Parameter: `dnsServers` List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure provided DNS resolution. 'AzureProvidedDNS' value cannot be combined with other IPs, it must be the only value in dnsServers collection. + - Required: No - Type: array - Default: `[]` @@ -591,6 +605,7 @@ List of DNS servers IP addresses. Use 'AzureProvidedDNS' to switch to azure prov ### Parameter: `enableAcceleratedNetworking` If the network interface is accelerated networking enabled. + - Required: No - Type: bool - Default: `False` @@ -598,6 +613,7 @@ If the network interface is accelerated networking enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -605,19 +621,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableIPForwarding` Indicates whether IP forwarding is enabled on this network interface. + - Required: No - Type: bool - Default: `False` -### Parameter: `ipConfigurations` - -A list of IPConfigurations of the network interface. -- Required: Yes -- Type: array - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -625,39 +637,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the network interface. -- Required: Yes -- Type: string - ### Parameter: `networkSecurityGroupResourceId` The network security group (NSG) to attach to the network interface. + - Required: No - Type: string - Default: `''` @@ -665,74 +681,96 @@ The network security group (NSG) to attach to the network interface. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.condition` +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/network-manager/README.md b/modules/network/network-manager/README.md index 8460d85457..ad557d501f 100644 --- a/modules/network/network-manager/README.md +++ b/modules/network/network-manager/README.md @@ -972,9 +972,39 @@ module networkManager 'br:bicep/modules/network.network-manager:1.0.0' = { | [`securityAdminConfigurations`](#parameter-securityadminconfigurations) | array | Security Admin Configurations, Rule Collections and Rules to create for the network manager. Azure Virtual Network Manager provides two different types of configurations you can deploy across your virtual networks, one of them being a SecurityAdmin configuration. A security admin configuration contains a set of rule collections. Each rule collection contains one or more security admin rules. You then associate the rule collection with the network groups that you want to apply the security admin rules to. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Network Manager. + +- Required: Yes +- Type: string + +### Parameter: `networkManagerScopeAccesses` + +Scope Access. String array containing any of "Connectivity", "SecurityAdmin". The connectivity feature allows you to create network topologies at scale. The security admin feature lets you create high-priority security rules, which take precedence over NSGs. + +- Required: Yes +- Type: array + +### Parameter: `networkManagerScopes` + +Scope of Network Manager. Contains a list of management groups or a list of subscriptions. This defines the boundary of network resources that this Network Manager instance can manage. If using Management Groups, ensure that the "Microsoft.Network" resource provider is registered for those Management Groups prior to deployment. + +- Required: Yes +- Type: object + +### Parameter: `networkGroups` + +Network Groups and static members to create for the network manager. Required if using "connectivityConfigurations" or "securityAdminConfigurations" parameters. A network group is global container that includes a set of virtual network resources from any region. Then, configurations are applied to target the network group, which applies the configuration to all members of the group. The two types are group memberships are static and dynamic memberships. Static membership allows you to explicitly add virtual networks to a group by manually selecting individual virtual networks, and is available as a child module, while dynamic membership is defined through Azure policy. See [How Azure Policy works with Network Groups](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-azure-policy-integration) for more details. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `connectivityConfigurations` Connectivity Configurations to create for the network manager. Network manager must contain at least one network group in order to define connectivity configurations. + - Required: No - Type: array - Default: `[]` @@ -982,6 +1012,7 @@ Connectivity Configurations to create for the network manager. Network manager m ### Parameter: `description` A description of the network manager. + - Required: No - Type: string - Default: `''` @@ -989,6 +1020,7 @@ A description of the network manager. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -996,6 +1028,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1003,126 +1036,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Network Manager. -- Required: Yes -- Type: string +### Parameter: `roleAssignments` -### Parameter: `networkGroups` +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -Network Groups and static members to create for the network manager. Required if using "connectivityConfigurations" or "securityAdminConfigurations" parameters. A network group is global container that includes a set of virtual network resources from any region. Then, configurations are applied to target the network group, which applies the configuration to all members of the group. The two types are group memberships are static and dynamic memberships. Static membership allows you to explicitly add virtual networks to a group by manually selecting individual virtual networks, and is available as a child module, while dynamic membership is defined through Azure policy. See [How Azure Policy works with Network Groups](https://learn.microsoft.com/en-us/azure/virtual-network-manager/concept-azure-policy-integration) for more details. - Required: No - Type: array -- Default: `[]` -### Parameter: `networkManagerScopeAccesses` +**Required parameters** -Scope Access. String array containing any of "Connectivity", "SecurityAdmin". The connectivity feature allows you to create network topologies at scale. The security admin feature lets you create high-priority security rules, which take precedence over NSGs. -- Required: Yes -- Type: array +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `networkManagerScopes` +**Optional parameters** -Scope of Network Manager. Contains a list of management groups or a list of subscriptions. This defines the boundary of network resources that this Network Manager instance can manage. If using Management Groups, ensure that the "Microsoft.Network" resource provider is registered for those Management Groups prior to deployment. -- Required: Yes -- Type: object +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments` +### Parameter: `roleAssignments.principalId` -Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No -- Type: array +The principal ID of the principal (user/group/identity) to assign the role to. +- Required: Yes +- Type: string -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +### Parameter: `roleAssignments.roleDefinitionIdOrName` + +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string ### Parameter: `roleAssignments.condition` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string ### Parameter: `roleAssignments.conditionVersion` -Optional. Version of the condition. +Version of the condition. - Required: No - Type: string -- Allowed: `[2.0]` +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` ### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The Resource Id of the delegated managed identity resource. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string ### Parameter: `roleAssignments.description` -Optional. The description of the role assignment. +The description of the role assignment. - Required: No - Type: string -### Parameter: `roleAssignments.principalId` - -Required. The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - ### Parameter: `roleAssignments.principalType` -Optional. The principal type of the assigned principal ID. +The principal type of the assigned principal ID. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` - -### Parameter: `roleAssignments.roleDefinitionIdOrName` - -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. - -- Required: Yes -- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scopeConnections` Scope Connections to create for the network manager. Allows network manager to manage resources from another tenant. Supports management groups or subscriptions from another tenant. + - Required: No - Type: array - Default: `[]` @@ -1130,6 +1169,7 @@ Scope Connections to create for the network manager. Allows network manager to m ### Parameter: `securityAdminConfigurations` Security Admin Configurations, Rule Collections and Rules to create for the network manager. Azure Virtual Network Manager provides two different types of configurations you can deploy across your virtual networks, one of them being a SecurityAdmin configuration. A security admin configuration contains a set of rule collections. Each rule collection contains one or more security admin rules. You then associate the rule collection with the network groups that you want to apply the security admin rules to. + - Required: No - Type: array - Default: `[]` @@ -1137,6 +1177,7 @@ Security Admin Configurations, Rule Collections and Rules to create for the netw ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/network-manager/connectivity-configuration/README.md b/modules/network/network-manager/connectivity-configuration/README.md index 82d0de0287..6168ea4e7f 100644 --- a/modules/network/network-manager/connectivity-configuration/README.md +++ b/modules/network/network-manager/connectivity-configuration/README.md @@ -45,6 +45,7 @@ Connectivity configurations define hub-and-spoke or mesh topologies applied to o ### Parameter: `appliesToGroups` Network Groups for the configuration. + - Required: No - Type: array - Default: `[]` @@ -52,6 +53,7 @@ Network Groups for the configuration. ### Parameter: `connectivityTopology` Connectivity topology type. + - Required: Yes - Type: string - Allowed: @@ -62,9 +64,32 @@ Connectivity topology type. ] ``` +### Parameter: `name` + +The name of the connectivity configuration. + +- Required: Yes +- Type: string + +### Parameter: `hubs` + +List of hub items. This will create peerings between the specified hub and the virtual networks in the network group specified. Required if connectivityTopology is of type "HubAndSpoke". + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `deleteExistingPeering` Flag if need to remove current existing peerings. If set to "True", all peerings on virtual networks in selected network groups will be removed and replaced with the peerings defined by this configuration. Optional when connectivityTopology is of type "HubAndSpoke". + - Required: No - Type: string - Default: `'False'` @@ -79,6 +104,7 @@ Flag if need to remove current existing peerings. If set to "True", all peerings ### Parameter: `description` A description of the connectivity configuration. + - Required: No - Type: string - Default: `''` @@ -86,20 +112,15 @@ A description of the connectivity configuration. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `hubs` - -List of hub items. This will create peerings between the specified hub and the virtual networks in the network group specified. Required if connectivityTopology is of type "HubAndSpoke". -- Required: No -- Type: array -- Default: `[]` - ### Parameter: `isGlobal` Flag if global mesh is supported. By default, mesh connectivity is applied to virtual networks within the same region. If set to "True", a global mesh enables connectivity across regions. + - Required: No - Type: string - Default: `'False'` @@ -111,18 +132,6 @@ Flag if global mesh is supported. By default, mesh connectivity is applied to vi ] ``` -### Parameter: `name` - -The name of the connectivity configuration. -- Required: Yes -- Type: string - -### Parameter: `networkManagerName` - -The name of the parent network manager. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/network-manager/network-group/README.md b/modules/network/network-manager/network-group/README.md index a5f8dca4a0..dfc2942b79 100644 --- a/modules/network/network-manager/network-group/README.md +++ b/modules/network/network-manager/network-group/README.md @@ -39,9 +39,24 @@ A network group is a collection of same-type network resources that you can asso | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`staticMembers`](#parameter-staticmembers) | array | Static Members to create for the network group. Contains virtual networks to add to the network group. | +### Parameter: `name` + +The name of the network group. + +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `description` A description of the network group. + - Required: No - Type: string - Default: `''` @@ -49,25 +64,15 @@ A description of the network group. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the network group. -- Required: Yes -- Type: string - -### Parameter: `networkManagerName` - -The name of the parent network manager. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `staticMembers` Static Members to create for the network group. Contains virtual networks to add to the network group. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/network-manager/network-group/static-member/README.md b/modules/network/network-manager/network-group/static-member/README.md index 7a10fbc50c..43d13ca7e6 100644 --- a/modules/network/network-manager/network-group/static-member/README.md +++ b/modules/network/network-manager/network-group/static-member/README.md @@ -38,36 +38,41 @@ Static membership allows you to explicitly add virtual networks to a group by ma | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the static member. + +- Required: Yes +- Type: string + +### Parameter: `resourceId` + +Resource ID of the virtual network. + - Required: Yes - Type: string ### Parameter: `networkGroupName` The name of the parent network group. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `networkManagerName` The name of the parent network manager. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `resourceId` +### Parameter: `enableDefaultTelemetry` -Resource ID of the virtual network. -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ## Outputs diff --git a/modules/network/network-manager/scope-connection/README.md b/modules/network/network-manager/scope-connection/README.md index b2e6fbf6c5..ad53105021 100644 --- a/modules/network/network-manager/scope-connection/README.md +++ b/modules/network/network-manager/scope-connection/README.md @@ -39,43 +39,49 @@ Create a cross-tenant connection to manage a resource from another tenant. | [`description`](#parameter-description) | string | A description of the scope connection. | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `description` +### Parameter: `name` -A description of the scope connection. -- Required: No +The name of the scope connection. + +- Required: Yes - Type: string -- Default: `''` -### Parameter: `enableDefaultTelemetry` +### Parameter: `resourceId` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +Enter the subscription or management group resource ID that you want to add to this network manager's scope. -### Parameter: `name` +- Required: Yes +- Type: string + +### Parameter: `tenantId` + +Tenant ID of the subscription or management group that you want to manage. -The name of the scope connection. - Required: Yes - Type: string ### Parameter: `networkManagerName` The name of the parent network manager. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `resourceId` +### Parameter: `description` -Enter the subscription or management group resource ID that you want to add to this network manager's scope. -- Required: Yes +A description of the scope connection. + +- Required: No - Type: string +- Default: `''` -### Parameter: `tenantId` +### Parameter: `enableDefaultTelemetry` -Tenant ID of the subscription or management group that you want to manage. -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ## Outputs diff --git a/modules/network/network-manager/security-admin-configuration/README.md b/modules/network/network-manager/security-admin-configuration/README.md index e49e0a6867..acf913b035 100644 --- a/modules/network/network-manager/security-admin-configuration/README.md +++ b/modules/network/network-manager/security-admin-configuration/README.md @@ -44,6 +44,7 @@ A security admin configuration contains a set of rule collections. Each rule col ### Parameter: `applyOnNetworkIntentPolicyBasedServices` Enum list of network intent policy based services. + - Required: No - Type: array - Default: @@ -61,9 +62,24 @@ Enum list of network intent policy based services. ] ``` +### Parameter: `name` + +The name of the security admin configuration. + +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `description` A description of the security admin configuration. + - Required: No - Type: string - Default: `''` @@ -71,25 +87,15 @@ A description of the security admin configuration. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the security admin configuration. -- Required: Yes -- Type: string - -### Parameter: `networkManagerName` - -The name of the parent network manager. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `ruleCollections` A security admin configuration contains a set of rule collections that are applied to network groups. Each rule collection contains one or more security admin rules. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/network-manager/security-admin-configuration/rule-collection/README.md b/modules/network/network-manager/security-admin-configuration/rule-collection/README.md index 8f8dbcef8f..dc47633126 100644 --- a/modules/network/network-manager/security-admin-configuration/rule-collection/README.md +++ b/modules/network/network-manager/security-admin-configuration/rule-collection/README.md @@ -44,12 +44,35 @@ A security admin configuration contains a set of rule collections. Each rule col ### Parameter: `appliesToGroups` List of network groups for configuration. An admin rule collection must be associated to at least one network group. + - Required: Yes - Type: array +### Parameter: `name` + +The name of the admin rule collection. + +- Required: Yes +- Type: string + +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `securityAdminConfigurationName` + +The name of the parent security admin configuration. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `description` A description of the admin rule collection. + - Required: No - Type: string - Default: `''` @@ -57,33 +80,17 @@ A description of the admin rule collection. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the admin rule collection. -- Required: Yes -- Type: string - -### Parameter: `networkManagerName` - -The name of the parent network manager. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `rules` List of rules for the admin rules collection. Security admin rules allows enforcing security policy criteria that matches the conditions set. Warning: A rule collection without rule will cause a deployment configuration for security admin goal state in network manager to fail. -- Required: Yes -- Type: array -### Parameter: `securityAdminConfigurationName` - -The name of the parent security admin configuration. Required if the template is used in a standalone deployment. - Required: Yes -- Type: string +- Type: array ## Outputs diff --git a/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md b/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md index dfb454ced3..7e0081bd9e 100644 --- a/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md +++ b/modules/network/network-manager/security-admin-configuration/rule-collection/rule/README.md @@ -50,6 +50,7 @@ A security admin configuration contains a set of rule collections. Each rule col ### Parameter: `access` Indicates the access allowed for this particular rule. "Allow" means traffic matching this rule will be allowed. "Deny" means traffic matching this rule will be blocked. "AlwaysAllow" means that traffic matching this rule will be allowed regardless of other rules with lower priority or user-defined NSGs. + - Required: Yes - Type: string - Allowed: @@ -61,30 +62,10 @@ Indicates the access allowed for this particular rule. "Allow" means traffic mat ] ``` -### Parameter: `description` - -A description of the rule. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `destinationPortRanges` - -List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `destinations` - -The destnations filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. -- Required: No -- Type: array -- Default: `[]` - ### Parameter: `direction` Indicates if the traffic matched against the rule in inbound or outbound. + - Required: Yes - Type: string - Allowed: @@ -95,34 +76,24 @@ Indicates if the traffic matched against the rule in inbound or outbound. ] ``` -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the rule. -- Required: Yes -- Type: string -### Parameter: `networkManagerName` - -The name of the parent network manager. Required if the template is used in a standalone deployment. - Required: Yes - Type: string ### Parameter: `priority` The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. + - Required: Yes - Type: int ### Parameter: `protocol` Network protocol this rule applies to. + - Required: Yes - Type: string - Allowed: @@ -137,21 +108,63 @@ Network protocol this rule applies to. ] ``` +### Parameter: `networkManagerName` + +The name of the parent network manager. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `ruleCollectionName` The name of the parent rule collection. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `securityAdminConfigurationName` The name of the parent security admin configuration. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `description` + +A description of the rule. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `destinationPortRanges` + +List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `destinations` + +The destnations filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. + +- Required: No +- Type: array +- Default: `[]` + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `sourcePortRanges` List of destination port ranges. This specifies on which ports traffic will be allowed or denied by this rule. Provide an (*) to allow traffic on any port. Port ranges are between 1-65535. + - Required: No - Type: array - Default: `[]` @@ -159,6 +172,7 @@ List of destination port ranges. This specifies on which ports traffic will be a ### Parameter: `sources` The source filter can be an IP Address or a service tag. Each filter contains the properties AddressPrefixType (IPPrefix or ServiceTag) and AddressPrefix (using CIDR notation (e.g. 192.168.99.0/24 or 2001:1234::/64) or a service tag (e.g. AppService.WestEurope)). Combining CIDR and Service tags in one rule filter is not permitted. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/network-security-group/README.md b/modules/network/network-security-group/README.md index f0672acbff..9ea167f1eb 100644 --- a/modules/network/network-security-group/README.md +++ b/modules/network/network-security-group/README.md @@ -578,97 +578,92 @@ module networkSecurityGroup 'br:bicep/modules/network.network-security-group:1.0 | [`securityRules`](#parameter-securityrules) | array | Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. | | [`tags`](#parameter-tags) | object | Tags of the NSG resource. | +### Parameter: `name` + +Name of the Network Security Group. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -676,6 +671,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -683,6 +679,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `flushConnection` When enabled, flows created from Network Security Group connections will be re-evaluated when rules are updates. Initial enablement will trigger re-evaluation. Network Security Group connection flushing is not available in all regions. + - Required: No - Type: bool - Default: `False` @@ -690,6 +687,7 @@ When enabled, flows created from Network Security Group connections will be re-e ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -697,107 +695,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Network Security Group. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securityRules` Array of Security Rules to deploy to the Network Security Group. When not provided, an NSG including only the built-in roles will be deployed. + - Required: No - Type: array - Default: `[]` @@ -805,6 +828,7 @@ Array of Security Rules to deploy to the Network Security Group. When not provid ### Parameter: `tags` Tags of the NSG resource. + - Required: No - Type: object diff --git a/modules/network/network-security-group/security-rule/README.md b/modules/network/network-security-group/security-rule/README.md index 98658edd16..b0f951daa0 100644 --- a/modules/network/network-security-group/security-rule/README.md +++ b/modules/network/network-security-group/security-rule/README.md @@ -50,9 +50,63 @@ This module deploys a Network Security Group (NSG) Security Rule. | [`sourcePortRange`](#parameter-sourceportrange) | string | The source port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. | | [`sourcePortRanges`](#parameter-sourceportranges) | array | The source port ranges. | +### Parameter: `direction` + +The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Inbound' + 'Outbound' + ] + ``` + +### Parameter: `name` + +The name of the security rule. + +- Required: Yes +- Type: string + +### Parameter: `priority` + +The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. + +- Required: Yes +- Type: int + +### Parameter: `protocol` + +Network protocol this rule applies to. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + '*' + 'Ah' + 'Esp' + 'Icmp' + 'Tcp' + 'Udp' + ] + ``` + +### Parameter: `networkSecurityGroupName` + +The name of the parent network security group to deploy the security rule into. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `access` Whether network traffic is allowed or denied. + - Required: No - Type: string - Default: `'Deny'` @@ -67,6 +121,7 @@ Whether network traffic is allowed or denied. ### Parameter: `description` A description for this rule. + - Required: No - Type: string - Default: `''` @@ -74,6 +129,7 @@ A description for this rule. ### Parameter: `destinationAddressPrefix` The destination address prefix. CIDR or destination IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. + - Required: No - Type: string - Default: `''` @@ -81,6 +137,7 @@ The destination address prefix. CIDR or destination IP range. Asterisk "*" can a ### Parameter: `destinationAddressPrefixes` The destination address prefixes. CIDR or destination IP ranges. + - Required: No - Type: array - Default: `[]` @@ -88,6 +145,7 @@ The destination address prefixes. CIDR or destination IP ranges. ### Parameter: `destinationApplicationSecurityGroups` The application security group specified as destination. + - Required: No - Type: array - Default: `[]` @@ -95,6 +153,7 @@ The application security group specified as destination. ### Parameter: `destinationPortRange` The destination port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. + - Required: No - Type: string - Default: `''` @@ -102,68 +161,23 @@ The destination port or range. Integer or range between 0 and 65535. Asterisk "* ### Parameter: `destinationPortRanges` The destination port ranges. + - Required: No - Type: array - Default: `[]` -### Parameter: `direction` - -The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Inbound' - 'Outbound' - ] - ``` - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the security rule. -- Required: Yes -- Type: string - -### Parameter: `networkSecurityGroupName` - -The name of the parent network security group to deploy the security rule into. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `priority` - -The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. -- Required: Yes -- Type: int - -### Parameter: `protocol` - -Network protocol this rule applies to. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - '*' - 'Ah' - 'Esp' - 'Icmp' - 'Tcp' - 'Udp' - ] - ``` - ### Parameter: `sourceAddressPrefix` The CIDR or source IP range. Asterisk "*" can also be used to match all source IPs. Default tags such as "VirtualNetwork", "AzureLoadBalancer" and "Internet" can also be used. If this is an ingress rule, specifies where network traffic originates from. + - Required: No - Type: string - Default: `''` @@ -171,6 +185,7 @@ The CIDR or source IP range. Asterisk "*" can also be used to match all source I ### Parameter: `sourceAddressPrefixes` The CIDR or source IP ranges. + - Required: No - Type: array - Default: `[]` @@ -178,6 +193,7 @@ The CIDR or source IP ranges. ### Parameter: `sourceApplicationSecurityGroups` The application security group specified as source. + - Required: No - Type: array - Default: `[]` @@ -185,6 +201,7 @@ The application security group specified as source. ### Parameter: `sourcePortRange` The source port or range. Integer or range between 0 and 65535. Asterisk "*" can also be used to match all ports. + - Required: No - Type: string - Default: `''` @@ -192,6 +209,7 @@ The source port or range. Integer or range between 0 and 65535. Asterisk "*" can ### Parameter: `sourcePortRanges` The source port ranges. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/network-watcher/README.md b/modules/network/network-watcher/README.md index c8263f21d9..07a3771138 100644 --- a/modules/network/network-watcher/README.md +++ b/modules/network/network-watcher/README.md @@ -535,6 +535,7 @@ module networkWatcher 'br:bicep/modules/network.network-watcher:1.0.0' = { ### Parameter: `connectionMonitors` Array that contains the Connection Monitors. + - Required: No - Type: array - Default: `[]` @@ -542,6 +543,7 @@ Array that contains the Connection Monitors. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -549,6 +551,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `flowLogs` Array that contains the Flow Logs. + - Required: No - Type: array - Default: `[]` @@ -556,6 +559,7 @@ Array that contains the Flow Logs. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -563,26 +567,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -590,6 +603,7 @@ Optional. Specify the name of lock. ### Parameter: `name` Name of the Network Watcher resource (hidden). + - Required: No - Type: string - Default: `[format('NetworkWatcher_{0}', parameters('location'))]` @@ -597,74 +611,96 @@ Name of the Network Watcher resource (hidden). ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/network-watcher/connection-monitor/README.md b/modules/network/network-watcher/connection-monitor/README.md index 313167cd95..ff5812ad1a 100644 --- a/modules/network/network-watcher/connection-monitor/README.md +++ b/modules/network/network-watcher/connection-monitor/README.md @@ -36,9 +36,17 @@ This module deploys a Network Watcher Connection Monitor. | [`testGroups`](#parameter-testgroups) | array | List of connection monitor test groups. | | [`workspaceResourceId`](#parameter-workspaceresourceid) | string | Specify the Log Analytics Workspace Resource ID. | +### Parameter: `name` + +Name of the resource. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -46,6 +54,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endpoints` List of connection monitor endpoints. + - Required: No - Type: array - Default: `[]` @@ -53,19 +62,15 @@ List of connection monitor endpoints. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the resource. -- Required: Yes -- Type: string - ### Parameter: `networkWatcherName` Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. + - Required: No - Type: string - Default: `[format('NetworkWatcher_{0}', resourceGroup().location)]` @@ -73,12 +78,14 @@ Name of the network watcher resource. Must be in the resource group where the Fl ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `testConfigurations` List of connection monitor test configurations. + - Required: No - Type: array - Default: `[]` @@ -86,6 +93,7 @@ List of connection monitor test configurations. ### Parameter: `testGroups` List of connection monitor test groups. + - Required: No - Type: array - Default: `[]` @@ -93,6 +101,7 @@ List of connection monitor test groups. ### Parameter: `workspaceResourceId` Specify the Log Analytics Workspace Resource ID. + - Required: No - Type: string - Default: `''` diff --git a/modules/network/network-watcher/flow-log/README.md b/modules/network/network-watcher/flow-log/README.md index 512cbc68db..b6489b44bb 100644 --- a/modules/network/network-watcher/flow-log/README.md +++ b/modules/network/network-watcher/flow-log/README.md @@ -40,9 +40,24 @@ This module controls the Network Security Group Flow Logs and analytics settings | [`trafficAnalyticsInterval`](#parameter-trafficanalyticsinterval) | int | The interval in minutes which would decide how frequently TA service should do flow analytics. | | [`workspaceResourceId`](#parameter-workspaceresourceid) | string | Specify the Log Analytics Workspace Resource ID. | +### Parameter: `storageId` + +Resource ID of the diagnostic storage account. + +- Required: Yes +- Type: string + +### Parameter: `targetResourceId` + +Resource ID of the NSG that must be enabled for Flow Logs. + +- Required: Yes +- Type: string + ### Parameter: `enabled` If the flow log should be enabled. + - Required: No - Type: bool - Default: `True` @@ -50,6 +65,7 @@ If the flow log should be enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -57,6 +73,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `formatVersion` The flow log format version. + - Required: No - Type: int - Default: `2` @@ -71,6 +88,7 @@ The flow log format version. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -78,6 +96,7 @@ Location for all resources. ### Parameter: `name` Name of the resource. + - Required: No - Type: string - Default: `[format('{0}-{1}-flowlog', last(split(parameters('targetResourceId'), '/')), split(parameters('targetResourceId'), '/')[4])]` @@ -85,6 +104,7 @@ Name of the resource. ### Parameter: `networkWatcherName` Name of the network watcher resource. Must be in the resource group where the Flow log will be created and same region as the NSG. + - Required: No - Type: string - Default: `[format('NetworkWatcher_{0}', resourceGroup().location)]` @@ -92,31 +112,22 @@ Name of the network watcher resource. Must be in the resource group where the Fl ### Parameter: `retentionInDays` Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. + - Required: No - Type: int - Default: `365` -### Parameter: `storageId` - -Resource ID of the diagnostic storage account. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `targetResourceId` - -Resource ID of the NSG that must be enabled for Flow Logs. -- Required: Yes -- Type: string - ### Parameter: `trafficAnalyticsInterval` The interval in minutes which would decide how frequently TA service should do flow analytics. + - Required: No - Type: int - Default: `60` @@ -131,6 +142,7 @@ The interval in minutes which would decide how frequently TA service should do f ### Parameter: `workspaceResourceId` Specify the Log Analytics Workspace Resource ID. + - Required: No - Type: string - Default: `''` diff --git a/modules/network/private-dns-zone/README.md b/modules/network/private-dns-zone/README.md index 714eea7f96..cb8de05f03 100644 --- a/modules/network/private-dns-zone/README.md +++ b/modules/network/private-dns-zone/README.md @@ -929,9 +929,17 @@ module privateDnsZone 'br:bicep/modules/network.private-dns-zone:1.0.0' = { | [`txt`](#parameter-txt) | array | Array of TXT records. | | [`virtualNetworkLinks`](#parameter-virtualnetworklinks) | array | Array of custom objects describing vNet links of the DNS zone. Each object should contain properties 'vnetResourceId' and 'registrationEnabled'. The 'vnetResourceId' is a resource ID of a vNet to link, 'registrationEnabled' (bool) enables automatic DNS registration in the zone for the linked vNet. | +### Parameter: `name` + +Private DNS zone name. + +- Required: Yes +- Type: string + ### Parameter: `a` Array of A records. + - Required: No - Type: array - Default: `[]` @@ -939,6 +947,7 @@ Array of A records. ### Parameter: `aaaa` Array of AAAA records. + - Required: No - Type: array - Default: `[]` @@ -946,6 +955,7 @@ Array of AAAA records. ### Parameter: `cname` Array of CNAME records. + - Required: No - Type: array - Default: `[]` @@ -953,6 +963,7 @@ Array of CNAME records. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -960,6 +971,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The location of the PrivateDNSZone. Should be global. + - Required: No - Type: string - Default: `'global'` @@ -967,26 +979,35 @@ The location of the PrivateDNSZone. Should be global. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -994,19 +1015,15 @@ Optional. Specify the name of lock. ### Parameter: `mx` Array of MX records. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -Private DNS zone name. -- Required: Yes -- Type: string - ### Parameter: `ptr` Array of PTR records. + - Required: No - Type: array - Default: `[]` @@ -1014,74 +1031,96 @@ Array of PTR records. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `soa` Array of SOA records. + - Required: No - Type: array - Default: `[]` @@ -1089,6 +1128,7 @@ Array of SOA records. ### Parameter: `srv` Array of SRV records. + - Required: No - Type: array - Default: `[]` @@ -1096,12 +1136,14 @@ Array of SRV records. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `txt` Array of TXT records. + - Required: No - Type: array - Default: `[]` @@ -1109,6 +1151,7 @@ Array of TXT records. ### Parameter: `virtualNetworkLinks` Array of custom objects describing vNet links of the DNS zone. Each object should contain properties 'vnetResourceId' and 'registrationEnabled'. The 'vnetResourceId' is a resource ID of a vNet to link, 'registrationEnabled' (bool) enables automatic DNS registration in the zone for the linked vNet. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/private-dns-zone/a/README.md b/modules/network/private-dns-zone/a/README.md index 9c8802653e..324cf8f429 100644 --- a/modules/network/private-dns-zone/a/README.md +++ b/modules/network/private-dns-zone/a/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone A record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the A record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `aRecords` The list of A records in the record set. + - Required: No - Type: array - Default: `[]` @@ -50,6 +65,7 @@ The list of A records in the record set. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -57,93 +73,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the A record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/aaaa/README.md b/modules/network/private-dns-zone/aaaa/README.md index d825a7c1c4..a7aabb30c0 100644 --- a/modules/network/private-dns-zone/aaaa/README.md +++ b/modules/network/private-dns-zone/aaaa/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone AAAA record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the AAAA record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `aaaaRecords` The list of AAAA records in the record set. + - Required: No - Type: array - Default: `[]` @@ -50,6 +65,7 @@ The list of AAAA records in the record set. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -57,93 +73,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the AAAA record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/cname/README.md b/modules/network/private-dns-zone/cname/README.md index 0a2e3b151b..14ac042831 100644 --- a/modules/network/private-dns-zone/cname/README.md +++ b/modules/network/private-dns-zone/cname/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone CNAME record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the CNAME record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `cnameRecord` A CNAME record. + - Required: No - Type: object - Default: `{}` @@ -50,6 +65,7 @@ A CNAME record. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -57,93 +73,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the CNAME record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/mx/README.md b/modules/network/private-dns-zone/mx/README.md index f8ec7f7dfa..666ea216fa 100644 --- a/modules/network/private-dns-zone/mx/README.md +++ b/modules/network/private-dns-zone/mx/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone MX record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the MX record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,6 +65,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` @@ -57,93 +73,104 @@ The metadata attached to the record set. ### Parameter: `mxRecords` The list of MX records in the record set. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The name of the MX record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/ptr/README.md b/modules/network/private-dns-zone/ptr/README.md index 58f270d3c3..20aa566d5e 100644 --- a/modules/network/private-dns-zone/ptr/README.md +++ b/modules/network/private-dns-zone/ptr/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone PTR record. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the PTR record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,25 +65,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the PTR record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `ptrRecords` The list of PTR records in the record set. + - Required: No - Type: array - Default: `[]` @@ -76,74 +81,96 @@ The list of PTR records in the record set. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/soa/README.md b/modules/network/private-dns-zone/soa/README.md index 827a5007c3..37fd471fdf 100644 --- a/modules/network/private-dns-zone/soa/README.md +++ b/modules/network/private-dns-zone/soa/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone SOA record. | [`soaRecord`](#parameter-soarecord) | object | A SOA record. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the SOA record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,93 +65,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the SOA record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `soaRecord` A SOA record. + - Required: No - Type: object - Default: `{}` @@ -144,6 +170,7 @@ A SOA record. ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/srv/README.md b/modules/network/private-dns-zone/srv/README.md index 650c311142..da0f621c88 100644 --- a/modules/network/private-dns-zone/srv/README.md +++ b/modules/network/private-dns-zone/srv/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone SRV record. | [`srvRecords`](#parameter-srvrecords) | array | The list of SRV records in the record set. | | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | +### Parameter: `name` + +The name of the SRV record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,93 +65,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the SRV record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `srvRecords` The list of SRV records in the record set. + - Required: No - Type: array - Default: `[]` @@ -144,6 +170,7 @@ The list of SRV records in the record set. ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` diff --git a/modules/network/private-dns-zone/txt/README.md b/modules/network/private-dns-zone/txt/README.md index 600c4871f0..36e82bc657 100644 --- a/modules/network/private-dns-zone/txt/README.md +++ b/modules/network/private-dns-zone/txt/README.md @@ -40,9 +40,24 @@ This module deploys a Private DNS Zone TXT record. | [`ttl`](#parameter-ttl) | int | The TTL (time-to-live) of the records in the record set. | | [`txtRecords`](#parameter-txtrecords) | array | The list of TXT records in the record set. | +### Parameter: `name` + +The name of the TXT record. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,93 +65,104 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `metadata` The metadata attached to the record set. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the TXT record. -- Required: Yes -- Type: string - -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `ttl` The TTL (time-to-live) of the records in the record set. + - Required: No - Type: int - Default: `3600` @@ -144,6 +170,7 @@ The TTL (time-to-live) of the records in the record set. ### Parameter: `txtRecords` The list of TXT records in the record set. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/private-dns-zone/virtual-network-link/README.md b/modules/network/private-dns-zone/virtual-network-link/README.md index b83d22b41d..8cb4a9d04d 100644 --- a/modules/network/private-dns-zone/virtual-network-link/README.md +++ b/modules/network/private-dns-zone/virtual-network-link/README.md @@ -39,9 +39,24 @@ This module deploys a Private DNS Zone Virtual Network Link. | [`registrationEnabled`](#parameter-registrationenabled) | bool | Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `virtualNetworkResourceId` + +Link to another virtual network resource ID. + +- Required: Yes +- Type: string + +### Parameter: `privateDnsZoneName` + +The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -49,6 +64,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The location of the PrivateDNSZone. Should be global. + - Required: No - Type: string - Default: `'global'` @@ -56,19 +72,15 @@ The location of the PrivateDNSZone. Should be global. ### Parameter: `name` The name of the virtual network link. + - Required: No - Type: string - Default: `[format('{0}-vnetlink', last(split(parameters('virtualNetworkResourceId'), '/')))]` -### Parameter: `privateDnsZoneName` - -The name of the parent Private DNS zone. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `registrationEnabled` Is auto-registration of virtual machine records in the virtual network in the Private DNS zone enabled?. + - Required: No - Type: bool - Default: `False` @@ -76,15 +88,10 @@ Is auto-registration of virtual machine records in the virtual network in the Pr ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `virtualNetworkResourceId` - -Link to another virtual network resource ID. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/private-endpoint/README.md b/modules/network/private-endpoint/README.md index 866ff9fecc..1ca7067d72 100644 --- a/modules/network/private-endpoint/README.md +++ b/modules/network/private-endpoint/README.md @@ -450,34 +450,65 @@ module privateEndpoint 'br:bicep/modules/network.private-endpoint:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | | [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. | +### Parameter: `groupIds` + +Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. + +- Required: Yes +- Type: array + +### Parameter: `name` + +Name of the private endpoint resource to create. + +- Required: Yes +- Type: string + +### Parameter: `serviceResourceId` + +Resource ID of the resource that needs to be connected to the network. + +- Required: Yes +- Type: string + +### Parameter: `subnetResourceId` + +Resource ID of the subnet where the endpoint needs to be created. + +- Required: Yes +- Type: string + ### Parameter: `applicationSecurityGroupResourceIds` Application security groups in which the private endpoint IP configuration is included. + - Required: No - Type: array ### Parameter: `customDnsConfigs` Custom DNS configurations. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-customdnsconfigsfqdn) | Yes | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-customdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`fqdn`](#parameter-customdnsconfigsfqdn) | string | Fqdn that resolves to private endpoint ip address. | +| [`ipAddresses`](#parameter-customdnsconfigsipaddresses) | array | A list of private ip addresses of the private endpoint. | ### Parameter: `customDnsConfigs.fqdn` -Required. Fqdn that resolves to private endpoint ip address. +Fqdn that resolves to private endpoint ip address. - Required: Yes - Type: string ### Parameter: `customDnsConfigs.ipAddresses` -Required. A list of private ip addresses of the private endpoint. +A list of private ip addresses of the private endpoint. - Required: Yes - Type: array @@ -485,79 +516,50 @@ Required. A list of private ip addresses of the private endpoint. ### Parameter: `customNetworkInterfaceName` The custom name of the network interface attached to the private endpoint. + - Required: No - Type: string ### Parameter: `enableDefaultTelemetry` Enable/Disable usage telemetry for module. + - Required: No - Type: bool - Default: `True` -### Parameter: `groupIds` - -Subtype(s) of the connection to be created. The allowed values depend on the type serviceResourceId refers to. -- Required: Yes -- Type: array - ### Parameter: `ipConfigurations` A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-ipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-ipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`name`](#parameter-ipconfigurationsname) | string | The name of the resource that is unique within a resource group. | +| [`properties`](#parameter-ipconfigurationsproperties) | object | Properties of private endpoint IP configurations. | ### Parameter: `ipConfigurations.name` -Required. The name of the resource that is unique within a resource group. +The name of the resource that is unique within a resource group. - Required: Yes - Type: string ### Parameter: `ipConfigurations.properties` -Required. Properties of private endpoint IP configurations. +Properties of private endpoint IP configurations. - Required: Yes - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-ipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-ipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-ipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | - -### Parameter: `ipConfigurations.properties.groupId` - -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. - -- Required: Yes -- Type: string - -### Parameter: `ipConfigurations.properties.memberName` - -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. - -- Required: Yes -- Type: string - -### Parameter: `ipConfigurations.properties.privateIPAddress` - -Required. A private ip address obtained from the private endpoint's subnet. - -- Required: Yes -- Type: string - - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -565,26 +567,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -592,110 +603,117 @@ Optional. Specify the name of lock. ### Parameter: `manualPrivateLinkServiceConnections` Manual PrivateLink Service Connections. + - Required: No - Type: array -### Parameter: `name` - -Name of the private endpoint resource to create. -- Required: Yes -- Type: string - ### Parameter: `privateDnsZoneGroupName` The name of the private DNS zone group to create if `privateDnsZoneResourceIds` were provided. + - Required: No - Type: string ### Parameter: `privateDnsZoneResourceIds` The private DNS zone groups to associate the private endpoint. A DNS zone group can support up to 5 DNS zones. + - Required: No - Type: array ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `serviceResourceId` - -Resource ID of the resource that needs to be connected to the network. -- Required: Yes -- Type: string +### Parameter: `roleAssignments.principalType` -### Parameter: `subnetResourceId` +The principal type of the assigned principal ID. -Resource ID of the subnet where the endpoint needs to be created. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags to be applied on all resources/resource groups in this deployment. + - Required: No - Type: object diff --git a/modules/network/private-endpoint/private-dns-zone-group/README.md b/modules/network/private-endpoint/private-dns-zone-group/README.md index d6c0e0b294..bdcb972739 100644 --- a/modules/network/private-endpoint/private-dns-zone-group/README.md +++ b/modules/network/private-endpoint/private-dns-zone-group/README.md @@ -36,9 +36,24 @@ This module deploys a Private Endpoint Private DNS Zone Group. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable/Disable usage telemetry for module. | | [`name`](#parameter-name) | string | The name of the private DNS zone group. | +### Parameter: `privateDNSResourceIds` + +Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. + +- Required: Yes +- Type: array + +### Parameter: `privateEndpointName` + +The name of the parent private endpoint. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable/Disable usage telemetry for module. + - Required: No - Type: bool - Default: `True` @@ -46,22 +61,11 @@ Enable/Disable usage telemetry for module. ### Parameter: `name` The name of the private DNS zone group. + - Required: No - Type: string - Default: `'default'` -### Parameter: `privateDNSResourceIds` - -Array of private DNS zone resource IDs. A DNS zone group can support up to 5 DNS zones. -- Required: Yes -- Type: array - -### Parameter: `privateEndpointName` - -The name of the parent private endpoint. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/private-link-service/README.md b/modules/network/private-link-service/README.md index 5d295b3fc2..3015544cdf 100644 --- a/modules/network/private-link-service/README.md +++ b/modules/network/private-link-service/README.md @@ -463,9 +463,17 @@ module privateLinkService 'br:bicep/modules/network.private-link-service:1.0.0' | [`tags`](#parameter-tags) | object | Tags to be applied on all resources/resource groups in this deployment. | | [`visibility`](#parameter-visibility) | object | Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. | +### Parameter: `name` + +Name of the private link service to create. + +- Required: Yes +- Type: string + ### Parameter: `autoApproval` The auto-approval list of the private link service. + - Required: No - Type: object - Default: `{}` @@ -473,6 +481,7 @@ The auto-approval list of the private link service. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -480,6 +489,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableProxyProtocol` Lets the service provider use tcp proxy v2 to retrieve connection information about the service consumer. Service Provider is responsible for setting up receiver configs to be able to parse the proxy protocol v2 header. + - Required: No - Type: bool - Default: `False` @@ -487,6 +497,7 @@ Lets the service provider use tcp proxy v2 to retrieve connection information ab ### Parameter: `extendedLocation` The extended location of the load balancer. + - Required: No - Type: object - Default: `{}` @@ -494,6 +505,7 @@ The extended location of the load balancer. ### Parameter: `fqdns` The list of Fqdn. + - Required: No - Type: array - Default: `[]` @@ -501,6 +513,7 @@ The list of Fqdn. ### Parameter: `ipConfigurations` An array of private link service IP configurations. + - Required: No - Type: array - Default: `[]` @@ -508,6 +521,7 @@ An array of private link service IP configurations. ### Parameter: `loadBalancerFrontendIpConfigurations` An array of references to the load balancer IP configurations. The Private Link service is tied to the frontend IP address of a Standard Load Balancer. All traffic destined for the service will reach the frontend of the SLB. You can configure SLB rules to direct this traffic to appropriate backend pools where your applications are running. Load balancer frontend IP configurations are different than NAT IP configurations. + - Required: No - Type: array - Default: `[]` @@ -515,6 +529,7 @@ An array of references to the load balancer IP configurations. The Private Link ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -522,113 +537,139 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the private link service to create. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags to be applied on all resources/resource groups in this deployment. + - Required: No - Type: object ### Parameter: `visibility` Controls the exposure settings for your Private Link service. Service providers can choose to limit the exposure to their service to subscriptions with Azure role-based access control (Azure RBAC) permissions, a restricted set of subscriptions, or all Azure subscriptions. + - Required: No - Type: object - Default: `{}` diff --git a/modules/network/public-ip-address/README.md b/modules/network/public-ip-address/README.md index cfe71b8195..758b33d6c9 100644 --- a/modules/network/public-ip-address/README.md +++ b/modules/network/public-ip-address/README.md @@ -383,117 +383,100 @@ module publicIpAddress 'br:bicep/modules/network.public-ip-address:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zones`](#parameter-zones) | array | A list of availability zones denoting the IP allocated for the resource needs to come from. | +### Parameter: `name` + +The name of the Public IP Address. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -501,6 +484,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `domainNameLabel` The domain name label. The concatenation of the domain name label and the regionalized DNS zone make up the fully qualified domain name associated with the public IP address. If a domain name label is specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system. + - Required: No - Type: string - Default: `''` @@ -508,6 +492,7 @@ The domain name label. The concatenation of the domain name label and the region ### Parameter: `domainNameLabelScope` The domain name label scope. If a domain name label and a domain name label scope are specified, an A DNS record is created for the public IP in the Microsoft Azure DNS system with a hashed value includes in FQDN. + - Required: No - Type: string - Default: `''` @@ -525,6 +510,7 @@ The domain name label scope. If a domain name label and a domain name label scop ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -532,6 +518,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `fqdn` The Fully Qualified Domain Name of the A DNS record associated with the public IP. This is the concatenation of the domainNameLabel and the regionalized DNS zone. + - Required: No - Type: string - Default: `''` @@ -539,6 +526,7 @@ The Fully Qualified Domain Name of the A DNS record associated with the public I ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -546,39 +534,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the Public IP Address. -- Required: Yes -- Type: string - ### Parameter: `publicIPAddressVersion` IP address version. + - Required: No - Type: string - Default: `'IPv4'` @@ -593,6 +585,7 @@ IP address version. ### Parameter: `publicIPAllocationMethod` The public IP address allocation method. + - Required: No - Type: string - Default: `'Static'` @@ -607,6 +600,7 @@ The public IP address allocation method. ### Parameter: `publicIPPrefixResourceId` Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. + - Required: No - Type: string - Default: `''` @@ -614,6 +608,7 @@ Resource ID of the Public IP Prefix object. This is only needed if you want your ### Parameter: `reverseFqdn` The reverse FQDN. A user-visible, fully qualified domain name that resolves to this public IP address. If the reverseFqdn is specified, then a PTR DNS record is created pointing from the IP address in the in-addr.arpa domain to the reverse FQDN. + - Required: No - Type: string - Default: `''` @@ -621,74 +616,96 @@ The reverse FQDN. A user-visible, fully qualified domain name that resolves to t ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` Name of a public IP address SKU. + - Required: No - Type: string - Default: `'Standard'` @@ -703,6 +720,7 @@ Name of a public IP address SKU. ### Parameter: `skuTier` Tier of a public IP address SKU. + - Required: No - Type: string - Default: `'Regional'` @@ -717,12 +735,14 @@ Tier of a public IP address SKU. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zones` A list of availability zones denoting the IP allocated for the resource needs to come from. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/public-ip-prefix/README.md b/modules/network/public-ip-prefix/README.md index 8f34b55130..6d50284c85 100644 --- a/modules/network/public-ip-prefix/README.md +++ b/modules/network/public-ip-prefix/README.md @@ -287,9 +287,24 @@ module publicIpPrefix 'br:bicep/modules/network.public-ip-prefix:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Public IP Prefix. + +- Required: Yes +- Type: string + +### Parameter: `prefixLength` + +Length of the Public IP Prefix. + +- Required: Yes +- Type: int + ### Parameter: `customIPPrefix` The customIpPrefix that this prefix is associated with. A custom IP address prefix is a contiguous range of IP addresses owned by an external customer and provisioned into a subscription. When a custom IP prefix is in Provisioned, Commissioning, or Commissioned state, a linked public IP prefix can be created. Either as a subset of the custom IP prefix range or the entire range. + - Required: No - Type: object - Default: `{}` @@ -297,6 +312,7 @@ The customIpPrefix that this prefix is associated with. A custom IP address pref ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -304,6 +320,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -311,113 +328,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Public IP Prefix. -- Required: Yes -- Type: string - -### Parameter: `prefixLength` - -Length of the Public IP Prefix. -- Required: Yes -- Type: int - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/route-table/README.md b/modules/network/route-table/README.md index f5c8ab94de..4602a539dd 100644 --- a/modules/network/route-table/README.md +++ b/modules/network/route-table/README.md @@ -315,9 +315,17 @@ module routeTable 'br:bicep/modules/network.route-table:1.0.0' = { | [`routes`](#parameter-routes) | array | An Array of Routes to be established within the hub route table. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name given for the hub route table. + +- Required: Yes +- Type: string + ### Parameter: `disableBgpRoutePropagation` Switch to disable BGP route propagation. + - Required: No - Type: bool - Default: `False` @@ -325,6 +333,7 @@ Switch to disable BGP route propagation. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -332,6 +341,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -339,107 +349,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name given for the hub route table. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `routes` An Array of Routes to be established within the hub route table. + - Required: No - Type: array - Default: `[]` @@ -447,6 +482,7 @@ An Array of Routes to be established within the hub route table. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/service-endpoint-policy/README.md b/modules/network/service-endpoint-policy/README.md index b8a16af871..e3f68a8e08 100644 --- a/modules/network/service-endpoint-policy/README.md +++ b/modules/network/service-endpoint-policy/README.md @@ -332,9 +332,17 @@ module serviceEndpointPolicy 'br:bicep/modules/network.service-endpoint-policy:1 | [`serviceEndpointPolicyDefinitions`](#parameter-serviceendpointpolicydefinitions) | array | An Array of service endpoint policy definitions. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The Service Endpoint Policy name. + +- Required: Yes +- Type: string + ### Parameter: `contextualServiceEndpointPolicies` An Array of contextual service endpoint policy. + - Required: No - Type: array - Default: `[]` @@ -342,6 +350,7 @@ An Array of contextual service endpoint policy. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -349,6 +358,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -356,107 +366,132 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The Service Endpoint Policy name. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serviceAlias` The alias indicating if the policy belongs to a service. + - Required: No - Type: string - Default: `''` @@ -464,6 +499,7 @@ The alias indicating if the policy belongs to a service. ### Parameter: `serviceEndpointPolicyDefinitions` An Array of service endpoint policy definitions. + - Required: No - Type: array - Default: `[]` @@ -471,6 +507,7 @@ An Array of service endpoint policy definitions. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/network/trafficmanagerprofile/README.md b/modules/network/trafficmanagerprofile/README.md index c7d12328ee..b76f98eb95 100644 --- a/modules/network/trafficmanagerprofile/README.md +++ b/modules/network/trafficmanagerprofile/README.md @@ -355,117 +355,107 @@ module trafficmanagerprofile 'br:bicep/modules/network.trafficmanagerprofile:1.0 | [`trafficViewEnrollmentStatus`](#parameter-trafficviewenrollmentstatus) | string | Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. | | [`ttl`](#parameter-ttl) | int | The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. | +### Parameter: `name` + +Name of the Traffic Manager. + +- Required: Yes +- Type: string + +### Parameter: `relativeName` + +The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -473,6 +463,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -480,6 +471,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endpoints` The list of endpoints in the Traffic Manager profile. + - Required: No - Type: array - Default: `[]` @@ -487,26 +479,35 @@ The list of endpoints in the Traffic Manager profile. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -514,6 +515,7 @@ Optional. Specify the name of lock. ### Parameter: `maxReturn` Maximum number of endpoints to be returned for MultiValue routing type. + - Required: No - Type: int - Default: `1` @@ -521,6 +523,7 @@ Maximum number of endpoints to be returned for MultiValue routing type. ### Parameter: `monitorConfig` The endpoint monitoring settings of the Traffic Manager profile. + - Required: No - Type: object - Default: @@ -532,15 +535,10 @@ The endpoint monitoring settings of the Traffic Manager profile. } ``` -### Parameter: `name` - -Name of the Traffic Manager. -- Required: Yes -- Type: string - ### Parameter: `profileStatus` The status of the Traffic Manager profile. + - Required: No - Type: string - Default: `'Enabled'` @@ -552,89 +550,106 @@ The status of the Traffic Manager profile. ] ``` -### Parameter: `relativeName` - -The relative DNS name provided by this Traffic Manager profile. This value is combined with the DNS domain name used by Azure Traffic Manager to form the fully-qualified domain name (FQDN) of the profile. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Resource tags. + - Required: No - Type: object ### Parameter: `trafficRoutingMethod` The traffic routing method of the Traffic Manager profile. + - Required: No - Type: string - Default: `'Performance'` @@ -653,6 +668,7 @@ The traffic routing method of the Traffic Manager profile. ### Parameter: `trafficViewEnrollmentStatus` Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manager profile. Null, indicates 'Disabled'. Enabling this feature will increase the cost of the Traffic Manage profile. + - Required: No - Type: string - Default: `'Disabled'` @@ -667,6 +683,7 @@ Indicates whether Traffic View is 'Enabled' or 'Disabled' for the Traffic Manage ### Parameter: `ttl` The DNS Time-To-Live (TTL), in seconds. This informs the local DNS resolvers and DNS clients how long to cache DNS responses provided by this Traffic Manager profile. + - Required: No - Type: int - Default: `60` diff --git a/modules/network/virtual-hub/README.md b/modules/network/virtual-hub/README.md index c4c25d0839..a4c9622826 100644 --- a/modules/network/virtual-hub/README.md +++ b/modules/network/virtual-hub/README.md @@ -393,12 +393,28 @@ module virtualHub 'br:bicep/modules/network.virtual-hub:1.0.0' = { ### Parameter: `addressPrefix` Address-prefix for this VirtualHub. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The virtual hub name. + +- Required: Yes +- Type: string + +### Parameter: `virtualWanId` + +Resource ID of the virtual WAN to link to. + - Required: Yes - Type: string ### Parameter: `allowBranchToBranchTraffic` Flag to control transit for VirtualRouter hub. + - Required: No - Type: bool - Default: `True` @@ -406,6 +422,7 @@ Flag to control transit for VirtualRouter hub. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -413,6 +430,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `expressRouteGatewayId` Resource ID of the Express Route Gateway to link to. + - Required: No - Type: string - Default: `''` @@ -420,6 +438,7 @@ Resource ID of the Express Route Gateway to link to. ### Parameter: `hubRouteTables` Route tables to create for the virtual hub. + - Required: No - Type: array - Default: `[]` @@ -427,6 +446,7 @@ Route tables to create for the virtual hub. ### Parameter: `hubVirtualNetworkConnections` Virtual network connections to create for the virtual hub. + - Required: No - Type: array - Default: `[]` @@ -434,6 +454,7 @@ Virtual network connections to create for the virtual hub. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -441,39 +462,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The virtual hub name. -- Required: Yes -- Type: string - ### Parameter: `p2SVpnGatewayId` Resource ID of the Point-to-Site VPN Gateway to link to. + - Required: No - Type: string - Default: `''` @@ -481,6 +506,7 @@ Resource ID of the Point-to-Site VPN Gateway to link to. ### Parameter: `preferredRoutingGateway` The preferred routing gateway types. + - Required: No - Type: string - Default: `''` @@ -497,6 +523,7 @@ The preferred routing gateway types. ### Parameter: `routeTableRoutes` VirtualHub route tables. + - Required: No - Type: array - Default: `[]` @@ -504,6 +531,7 @@ VirtualHub route tables. ### Parameter: `securityPartnerProviderId` ID of the Security Partner Provider to link to. + - Required: No - Type: string - Default: `''` @@ -511,6 +539,7 @@ ID of the Security Partner Provider to link to. ### Parameter: `securityProviderName` The Security Provider name. + - Required: No - Type: string - Default: `''` @@ -518,6 +547,7 @@ The Security Provider name. ### Parameter: `sku` The sku of this VirtualHub. + - Required: No - Type: string - Default: `'Standard'` @@ -532,12 +562,14 @@ The sku of this VirtualHub. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `virtualHubRouteTableV2s` List of all virtual hub route table v2s associated with this VirtualHub. + - Required: No - Type: array - Default: `[]` @@ -545,6 +577,7 @@ List of all virtual hub route table v2s associated with this VirtualHub. ### Parameter: `virtualRouterAsn` VirtualRouter ASN. + - Required: No - Type: int - Default: `-1` @@ -552,19 +585,15 @@ VirtualRouter ASN. ### Parameter: `virtualRouterIps` VirtualRouter IPs. + - Required: No - Type: array - Default: `[]` -### Parameter: `virtualWanId` - -Resource ID of the virtual WAN to link to. -- Required: Yes -- Type: string - ### Parameter: `vpnGatewayId` Resource ID of the VPN Gateway to link to. + - Required: No - Type: string - Default: `''` diff --git a/modules/network/virtual-hub/hub-route-table/README.md b/modules/network/virtual-hub/hub-route-table/README.md index 37e065b3e2..d60664ecb0 100644 --- a/modules/network/virtual-hub/hub-route-table/README.md +++ b/modules/network/virtual-hub/hub-route-table/README.md @@ -37,9 +37,24 @@ This module deploys a Virtual Hub Route Table. | [`labels`](#parameter-labels) | array | List of labels associated with this route table. | | [`routes`](#parameter-routes) | array | List of all routes. | +### Parameter: `name` + +The route table name. + +- Required: Yes +- Type: string + +### Parameter: `virtualHubName` + +The name of the parent virtual hub. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,29 +62,19 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `labels` List of labels associated with this route table. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The route table name. -- Required: Yes -- Type: string - ### Parameter: `routes` List of all routes. + - Required: No - Type: array - Default: `[]` -### Parameter: `virtualHubName` - -The name of the parent virtual hub. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/virtual-hub/hub-virtual-network-connection/README.md b/modules/network/virtual-hub/hub-virtual-network-connection/README.md index f591dc99f6..87b479fa96 100644 --- a/modules/network/virtual-hub/hub-virtual-network-connection/README.md +++ b/modules/network/virtual-hub/hub-virtual-network-connection/README.md @@ -38,9 +38,31 @@ This module deploys a Virtual Hub Virtual Network Connection. | [`enableInternetSecurity`](#parameter-enableinternetsecurity) | bool | Enable internet security. | | [`routingConfiguration`](#parameter-routingconfiguration) | object | Routing Configuration indicating the associated and propagated route tables for this connection. | +### Parameter: `name` + +The connection name. + +- Required: Yes +- Type: string + +### Parameter: `remoteVirtualNetworkId` + +Resource ID of the virtual network to link to. + +- Required: Yes +- Type: string + +### Parameter: `virtualHubName` + +The name of the parent virtual hub. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -48,35 +70,19 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableInternetSecurity` Enable internet security. + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The connection name. -- Required: Yes -- Type: string - -### Parameter: `remoteVirtualNetworkId` - -Resource ID of the virtual network to link to. -- Required: Yes -- Type: string - ### Parameter: `routingConfiguration` Routing Configuration indicating the associated and propagated route tables for this connection. + - Required: No - Type: object - Default: `{}` -### Parameter: `virtualHubName` - -The name of the parent virtual hub. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/virtual-network-gateway/README.md b/modules/network/virtual-network-gateway/README.md index 7a0a2b9daa..a4ff558ef0 100644 --- a/modules/network/virtual-network-gateway/README.md +++ b/modules/network/virtual-network-gateway/README.md @@ -670,9 +670,67 @@ module virtualNetworkGateway 'br:bicep/modules/network.virtual-network-gateway:1 | [`vpnGatewayGeneration`](#parameter-vpngatewaygeneration) | string | The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. | | [`vpnType`](#parameter-vpntype) | string | Specifies the VPN type. | +### Parameter: `gatewayType` + +Specifies the gateway type. E.g. VPN, ExpressRoute. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'ExpressRoute' + 'Vpn' + ] + ``` + +### Parameter: `name` + +Specifies the Virtual Network Gateway name. + +- Required: Yes +- Type: string + +### Parameter: `skuName` + +The SKU of the Gateway. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Basic' + 'ErGw1AZ' + 'ErGw2AZ' + 'ErGw3AZ' + 'HighPerformance' + 'Standard' + 'UltraPerformance' + 'VpnGw1' + 'VpnGw1AZ' + 'VpnGw2' + 'VpnGw2AZ' + 'VpnGw3' + 'VpnGw3AZ' + 'VpnGw4' + 'VpnGw4AZ' + 'VpnGw5' + 'VpnGw5AZ' + ] + ``` + +### Parameter: `vNetResourceId` + +Virtual Network resource ID. + +- Required: Yes +- Type: string + ### Parameter: `activeActive` Value to specify if the Gateway should be deployed in active-active or active-passive configuration. + - Required: No - Type: bool - Default: `True` @@ -680,6 +738,7 @@ Value to specify if the Gateway should be deployed in active-active or active-pa ### Parameter: `activeGatewayPipName` Specifies the name of the Public IP used by the Virtual Network Gateway when active-active configuration is required. If it's not provided, a '-pip' suffix will be appended to the gateway's name. + - Required: No - Type: string - Default: `[format('{0}-pip2', parameters('name'))]` @@ -687,6 +746,7 @@ Specifies the name of the Public IP used by the Virtual Network Gateway when act ### Parameter: `allowRemoteVnetTraffic` Configure this gateway to accept traffic from other Azure Virtual Networks. This configuration does not support connectivity to Azure Virtual WAN. + - Required: No - Type: bool - Default: `False` @@ -694,6 +754,7 @@ Configure this gateway to accept traffic from other Azure Virtual Networks. This ### Parameter: `allowVirtualWanTraffic` Configures this gateway to accept traffic from remote Virtual WAN networks. + - Required: No - Type: bool - Default: `False` @@ -701,6 +762,7 @@ Configures this gateway to accept traffic from remote Virtual WAN networks. ### Parameter: `asn` ASN value. + - Required: No - Type: int - Default: `65815` @@ -708,6 +770,7 @@ ASN value. ### Parameter: `clientRevokedCertThumbprint` Thumbprint of the revoked certificate. This would revoke VPN client certificates matching this thumbprint from connecting to the VNet. + - Required: No - Type: string - Default: `''` @@ -715,6 +778,7 @@ Thumbprint of the revoked certificate. This would revoke VPN client certificates ### Parameter: `clientRootCertData` Client root certificate data used to authenticate VPN clients. Cannot be configured if vpnClientAadConfiguration is provided. + - Required: No - Type: string - Default: `''` @@ -722,114 +786,90 @@ Client root certificate data used to authenticate VPN clients. Cannot be configu ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -837,6 +877,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableIPSecReplayProtection` disableIPSecReplayProtection flag. Used for VPN Gateways. + - Required: No - Type: bool - Default: `False` @@ -844,6 +885,7 @@ disableIPSecReplayProtection flag. Used for VPN Gateways. ### Parameter: `domainNameLabel` DNS name(s) of the Public IP resource(s). If you enabled active-active configuration, you need to provide 2 DNS names, if you want to use this feature. A region specific suffix will be appended to it, e.g.: your-DNS-name.westeurope.cloudapp.azure.com. + - Required: No - Type: array - Default: `[]` @@ -851,6 +893,7 @@ DNS name(s) of the Public IP resource(s). If you enabled active-active configura ### Parameter: `enableBgp` Value to specify if BGP is enabled or not. + - Required: No - Type: bool - Default: `True` @@ -858,6 +901,7 @@ Value to specify if BGP is enabled or not. ### Parameter: `enableBgpRouteTranslationForNat` EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabled on the Virtual Network Gateway. + - Required: No - Type: bool - Default: `False` @@ -865,6 +909,7 @@ EnableBgpRouteTranslationForNat flag. Can only be used when "natRules" are enabl ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -872,6 +917,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableDnsForwarding` Whether DNS forwarding is enabled or not and is only supported for Express Route Gateways. The DNS forwarding feature flag must be enabled on the current subscription. + - Required: No - Type: bool - Default: `False` @@ -879,6 +925,7 @@ Whether DNS forwarding is enabled or not and is only supported for Express Route ### Parameter: `enablePrivateIpAddress` Whether private IP needs to be enabled on this gateway for connections or not. Used for configuring a Site-to-Site VPN connection over ExpressRoute private peering. + - Required: No - Type: bool - Default: `False` @@ -886,6 +933,7 @@ Whether private IP needs to be enabled on this gateway for connections or not. U ### Parameter: `gatewayDefaultSiteLocalNetworkGatewayId` The reference to the LocalNetworkGateway resource which represents local network site having default routes. Assign Null value in case of removing existing default site setting. + - Required: No - Type: string - Default: `''` @@ -893,26 +941,15 @@ The reference to the LocalNetworkGateway resource which represents local network ### Parameter: `gatewayPipName` Specifies the name of the Public IP used by the Virtual Network Gateway. If it's not provided, a '-pip' suffix will be appended to the gateway's name. + - Required: No - Type: string - Default: `[format('{0}-pip1', parameters('name'))]` -### Parameter: `gatewayType` - -Specifies the gateway type. E.g. VPN, ExpressRoute. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'ExpressRoute' - 'Vpn' - ] - ``` - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -920,39 +957,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Specifies the Virtual Network Gateway name. -- Required: Yes -- Type: string - ### Parameter: `natRules` NatRules for virtual network gateway. NAT is supported on the the following SKUs: VpnGw2~5, VpnGw2AZ~5AZ and is supported for IPsec/IKE cross-premises connections only. + - Required: No - Type: array - Default: `[]` @@ -960,114 +1001,90 @@ NatRules for virtual network gateway. NAT is supported on the the following SKUs ### Parameter: `publicIpDiagnosticSettings` The diagnostic settings of the Public IP. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-publicipdiagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-publicipdiagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-publicipdiagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-publicipdiagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-publicipdiagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-publicipdiagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-publicipdiagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-publicipdiagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-publicipdiagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-publicipdiagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-publicipdiagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-publicipdiagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-publicipdiagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-publicipdiagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-publicipdiagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-publicipdiagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-publicipdiagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-publicipdiagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `publicIpDiagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `publicIpDiagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `publicIpDiagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `publicIpDiagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-publicipdiagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-publicipdiagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `publicIpDiagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `publicIpDiagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `publicIpDiagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `publicIpDiagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-publicipdiagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `publicIpDiagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `publicIpDiagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `publicIpDiagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `publicIpDiagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1075,6 +1092,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `publicIPPrefixResourceId` Resource ID of the Public IP Prefix object. This is only needed if you want your Public IPs created in a PIP Prefix. + - Required: No - Type: string - Default: `''` @@ -1082,6 +1100,7 @@ Resource ID of the Public IP Prefix object. This is only needed if you want your ### Parameter: `publicIpZones` Specifies the zones of the Public IP address. Basic IP SKU does not support Availability Zones. + - Required: No - Type: array - Default: `[]` @@ -1089,114 +1108,103 @@ Specifies the zones of the Public IP address. Basic IP SKU does not support Avai ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `skuName` +### Parameter: `roleAssignments.principalType` -The SKU of the Gateway. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string - Allowed: ```Bicep [ - 'Basic' - 'ErGw1AZ' - 'ErGw2AZ' - 'ErGw3AZ' - 'HighPerformance' - 'Standard' - 'UltraPerformance' - 'VpnGw1' - 'VpnGw1AZ' - 'VpnGw2' - 'VpnGw2AZ' - 'VpnGw3' - 'VpnGw3AZ' - 'VpnGw4' - 'VpnGw4AZ' - 'VpnGw5' - 'VpnGw5AZ' + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' ] ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `vNetResourceId` - -Virtual Network resource ID. -- Required: Yes -- Type: string - ### Parameter: `vpnClientAadConfiguration` Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured if clientRootCertData is provided. + - Required: No - Type: object - Default: `{}` @@ -1204,6 +1212,7 @@ Configuration for AAD Authentication for P2S Tunnel Type, Cannot be configured i ### Parameter: `vpnClientAddressPoolPrefix` The IP address range from which VPN clients will receive an IP address when connected. Range specified must not overlap with on-premise network. + - Required: No - Type: string - Default: `''` @@ -1211,6 +1220,7 @@ The IP address range from which VPN clients will receive an IP address when conn ### Parameter: `vpnGatewayGeneration` The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGatewayType is not VPN. + - Required: No - Type: string - Default: `'None'` @@ -1226,6 +1236,7 @@ The generation for this VirtualNetworkGateway. Must be None if virtualNetworkGat ### Parameter: `vpnType` Specifies the VPN type. + - Required: No - Type: string - Default: `'RouteBased'` diff --git a/modules/network/virtual-network-gateway/nat-rule/README.md b/modules/network/virtual-network-gateway/nat-rule/README.md index 854cb64616..000683efbc 100644 --- a/modules/network/virtual-network-gateway/nat-rule/README.md +++ b/modules/network/virtual-network-gateway/nat-rule/README.md @@ -40,9 +40,24 @@ This module deploys a Virtual Network Gateway NAT Rule. | [`mode`](#parameter-mode) | string | The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. | | [`type`](#parameter-type) | string | The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. | +### Parameter: `name` + +The name of the NAT rule. + +- Required: Yes +- Type: string + +### Parameter: `virtualNetworkGatewayName` + +The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,6 +65,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `externalMappings` An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. + - Required: No - Type: array - Default: `[]` @@ -57,6 +73,7 @@ An address prefix range of destination IPs on the outside network that source IP ### Parameter: `internalMappings` An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. + - Required: No - Type: array - Default: `[]` @@ -64,6 +81,7 @@ An address prefix range of source IPs on the inside network that will be mapped ### Parameter: `ipConfigurationId` A NAT rule must be configured to a specific Virtual Network Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both Virtual Network Gateway instances. + - Required: No - Type: string - Default: `''` @@ -71,6 +89,7 @@ A NAT rule must be configured to a specific Virtual Network Gateway instance. Th ### Parameter: `mode` The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site Virtual Network gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site Virtual Network gateway. + - Required: No - Type: string - Default: `''` @@ -83,15 +102,10 @@ The type of NAT rule for Virtual Network NAT. IngressSnat mode (also known as In ] ``` -### Parameter: `name` - -The name of the NAT rule. -- Required: Yes -- Type: string - ### Parameter: `type` The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. + - Required: No - Type: string - Default: `''` @@ -104,12 +118,6 @@ The type of NAT rule for Virtual Network NAT. Static one-to-one NAT establishes ] ``` -### Parameter: `virtualNetworkGatewayName` - -The name of the parent Virtual Network Gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/virtual-network/README.md b/modules/network/virtual-network/README.md index 33dd1bb7cd..a4740e6bd8 100644 --- a/modules/network/virtual-network/README.md +++ b/modules/network/virtual-network/README.md @@ -693,12 +693,21 @@ module virtualNetwork 'br:bicep/modules/network.virtual-network:1.0.0' = { ### Parameter: `addressPrefixes` An Array of 1 or more IP Address Prefixes for the Virtual Network. + - Required: Yes - Type: array +### Parameter: `name` + +The Virtual Network (vNet) Name. + +- Required: Yes +- Type: string + ### Parameter: `ddosProtectionPlanId` Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. + - Required: No - Type: string - Default: `''` @@ -706,114 +715,90 @@ Resource ID of the DDoS protection plan to assign the VNET to. If it's left blan ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -821,6 +806,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `dnsServers` DNS Servers associated to the Virtual Network. + - Required: No - Type: array - Default: `[]` @@ -828,6 +814,7 @@ DNS Servers associated to the Virtual Network. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -835,6 +822,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `flowTimeoutInMinutes` The flow timeout in minutes for the Virtual Network, which is used to enable connection tracking for intra-VM flows. Possible values are between 4 and 30 minutes. Default value 0 will set the property to null. + - Required: No - Type: int - Default: `0` @@ -842,6 +830,7 @@ The flow timeout in minutes for the Virtual Network, which is used to enable con ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -849,39 +838,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The Virtual Network (vNet) Name. -- Required: Yes -- Type: string - ### Parameter: `peerings` Virtual Network Peerings configurations. + - Required: No - Type: array - Default: `[]` @@ -889,74 +882,96 @@ Virtual Network Peerings configurations. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `subnets` An Array of subnets to deploy to the Virtual Network. + - Required: No - Type: array - Default: `[]` @@ -964,12 +979,14 @@ An Array of subnets to deploy to the Virtual Network. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `vnetEncryption` Indicates if encryption is enabled on virtual network and if VM without encryption is allowed in encrypted VNet. Requires the EnableVNetEncryption feature to be registered for the subscription and a supported region to use this property. + - Required: No - Type: bool - Default: `False` @@ -977,6 +994,7 @@ Indicates if encryption is enabled on virtual network and if VM without encrypti ### Parameter: `vnetEncryptionEnforcement` If the encrypted VNet allows VM that does not support encryption. Can only be used when vnetEncryption is enabled. + - Required: No - Type: string - Default: `'AllowUnencrypted'` diff --git a/modules/network/virtual-network/subnet/README.md b/modules/network/virtual-network/subnet/README.md index fbe94623e8..dc3d90591a 100644 --- a/modules/network/virtual-network/subnet/README.md +++ b/modules/network/virtual-network/subnet/README.md @@ -53,12 +53,21 @@ This module deploys a Virtual Network Subnet. ### Parameter: `addressPrefix` The address prefix for the subnet. + +- Required: Yes +- Type: string + +### Parameter: `virtualNetworkName` + +The name of the parent virtual network. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `addressPrefixes` List of address prefixes for the subnet. + - Required: No - Type: array - Default: `[]` @@ -66,6 +75,7 @@ List of address prefixes for the subnet. ### Parameter: `applicationGatewayIPConfigurations` Application gateway IP configurations of virtual network resource. + - Required: No - Type: array - Default: `[]` @@ -73,6 +83,7 @@ Application gateway IP configurations of virtual network resource. ### Parameter: `delegations` The delegations to enable on the subnet. + - Required: No - Type: array - Default: `[]` @@ -80,6 +91,7 @@ The delegations to enable on the subnet. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -87,6 +99,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ipAllocations` Array of IpAllocation which reference this subnet. + - Required: No - Type: array - Default: `[]` @@ -94,12 +107,14 @@ Array of IpAllocation which reference this subnet. ### Parameter: `name` The Name of the subnet resource. + - Required: Yes - Type: string ### Parameter: `natGatewayId` The resource ID of the NAT Gateway to use for the subnet. + - Required: No - Type: string - Default: `''` @@ -107,6 +122,7 @@ The resource ID of the NAT Gateway to use for the subnet. ### Parameter: `networkSecurityGroupId` The resource ID of the network security group to assign to the subnet. + - Required: No - Type: string - Default: `''` @@ -114,6 +130,7 @@ The resource ID of the network security group to assign to the subnet. ### Parameter: `privateEndpointNetworkPolicies` enable or disable apply network policies on private endpoint in the subnet. + - Required: No - Type: string - Default: `''` @@ -129,6 +146,7 @@ enable or disable apply network policies on private endpoint in the subnet. ### Parameter: `privateLinkServiceNetworkPolicies` enable or disable apply network policies on private link service in the subnet. + - Required: No - Type: string - Default: `''` @@ -144,74 +162,96 @@ enable or disable apply network policies on private link service in the subnet. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `routeTableId` The resource ID of the route table to assign to the subnet. + - Required: No - Type: string - Default: `''` @@ -219,6 +259,7 @@ The resource ID of the route table to assign to the subnet. ### Parameter: `serviceEndpointPolicies` An array of service endpoint policies. + - Required: No - Type: array - Default: `[]` @@ -226,16 +267,11 @@ An array of service endpoint policies. ### Parameter: `serviceEndpoints` The service endpoints to enable on the subnet. + - Required: No - Type: array - Default: `[]` -### Parameter: `virtualNetworkName` - -The name of the parent virtual network. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/virtual-network/virtual-network-peering/README.md b/modules/network/virtual-network/virtual-network-peering/README.md index fb53ca2d3f..6b9779648d 100644 --- a/modules/network/virtual-network/virtual-network-peering/README.md +++ b/modules/network/virtual-network/virtual-network-peering/README.md @@ -41,9 +41,24 @@ This module deploys a Virtual Network Peering. | [`name`](#parameter-name) | string | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. | | [`useRemoteGateways`](#parameter-useremotegateways) | bool | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. | +### Parameter: `remoteVirtualNetworkId` + +The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. + +- Required: Yes +- Type: string + +### Parameter: `localVnetName` + +The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `allowForwardedTraffic` Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. + - Required: No - Type: bool - Default: `True` @@ -51,6 +66,7 @@ Whether the forwarded traffic from the VMs in the local virtual network will be ### Parameter: `allowGatewayTransit` If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. + - Required: No - Type: bool - Default: `False` @@ -58,6 +74,7 @@ If gateway links can be used in remote virtual networking to link to this virtua ### Parameter: `allowVirtualNetworkAccess` Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. + - Required: No - Type: bool - Default: `True` @@ -65,6 +82,7 @@ Whether the VMs in the local virtual network space would be able to access the V ### Parameter: `doNotVerifyRemoteGateways` If we need to verify the provisioning state of the remote gateway. Default is true. + - Required: No - Type: bool - Default: `True` @@ -72,32 +90,23 @@ If we need to verify the provisioning state of the remote gateway. Default is tr ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `localVnetName` - -The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `name` The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. + - Required: No - Type: string - Default: `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]` -### Parameter: `remoteVirtualNetworkId` - -The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. -- Required: Yes -- Type: string - ### Parameter: `useRemoteGateways` If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. + - Required: No - Type: bool - Default: `False` diff --git a/modules/network/virtual-wan/README.md b/modules/network/virtual-wan/README.md index 2cb16b518d..9dee8a1d23 100644 --- a/modules/network/virtual-wan/README.md +++ b/modules/network/virtual-wan/README.md @@ -309,9 +309,17 @@ module virtualWan 'br:bicep/modules/network.virtual-wan:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`type`](#parameter-type) | string | The type of the Virtual WAN. | +### Parameter: `name` + +Name of the Virtual WAN. + +- Required: Yes +- Type: string + ### Parameter: `allowBranchToBranchTraffic` True if branch to branch traffic is allowed. + - Required: No - Type: bool - Default: `False` @@ -319,6 +327,7 @@ True if branch to branch traffic is allowed. ### Parameter: `allowVnetToVnetTraffic` True if VNET to VNET traffic is allowed. + - Required: No - Type: bool - Default: `False` @@ -326,6 +335,7 @@ True if VNET to VNET traffic is allowed. ### Parameter: `disableVpnEncryption` VPN encryption to be disabled or not. + - Required: No - Type: bool - Default: `False` @@ -333,6 +343,7 @@ VPN encryption to be disabled or not. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -340,6 +351,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location where all resources will be created. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -347,113 +359,139 @@ Location where all resources will be created. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Virtual WAN. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `type` The type of the Virtual WAN. + - Required: No - Type: string - Default: `'Standard'` diff --git a/modules/network/vpn-gateway/README.md b/modules/network/vpn-gateway/README.md index ae23f37365..90986c4cc0 100644 --- a/modules/network/vpn-gateway/README.md +++ b/modules/network/vpn-gateway/README.md @@ -409,9 +409,24 @@ module vpnGateway 'br:bicep/modules/network.vpn-gateway:1.0.0' = { | [`vpnConnections`](#parameter-vpnconnections) | array | The VPN connections to create in the VPN gateway. | | [`vpnGatewayScaleUnit`](#parameter-vpngatewayscaleunit) | int | The scale unit for this VPN gateway. | +### Parameter: `name` + +Name of the VPN gateway. + +- Required: Yes +- Type: string + +### Parameter: `virtualHubResourceId` + +The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. + +- Required: Yes +- Type: string + ### Parameter: `bgpSettings` BGP settings details. + - Required: No - Type: object - Default: `{}` @@ -419,6 +434,7 @@ BGP settings details. ### Parameter: `enableBgpRouteTranslationForNat` Enable BGP routes translation for NAT on this VPN gateway. + - Required: No - Type: bool - Default: `False` @@ -426,6 +442,7 @@ Enable BGP routes translation for NAT on this VPN gateway. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -433,6 +450,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `isRoutingPreferenceInternet` Enable routing preference property for the public IP interface of the VPN gateway. + - Required: No - Type: bool - Default: `False` @@ -440,6 +458,7 @@ Enable routing preference property for the public IP interface of the VPN gatewa ### Parameter: `location` Location where all resources will be created. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -447,39 +466,43 @@ Location where all resources will be created. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the VPN gateway. -- Required: Yes -- Type: string - ### Parameter: `natRules` List of all the NAT Rules to associate with the gateway. + - Required: No - Type: array - Default: `[]` @@ -487,18 +510,14 @@ List of all the NAT Rules to associate with the gateway. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `virtualHubResourceId` - -The resource ID of a virtual Hub to connect to. Note: The virtual Hub and Gateway must be deployed into the same location. -- Required: Yes -- Type: string - ### Parameter: `vpnConnections` The VPN connections to create in the VPN gateway. + - Required: No - Type: array - Default: `[]` @@ -506,6 +525,7 @@ The VPN connections to create in the VPN gateway. ### Parameter: `vpnGatewayScaleUnit` The scale unit for this VPN gateway. + - Required: No - Type: int - Default: `2` diff --git a/modules/network/vpn-gateway/nat-rule/README.md b/modules/network/vpn-gateway/nat-rule/README.md index a14fb65749..f53cf33f2f 100644 --- a/modules/network/vpn-gateway/nat-rule/README.md +++ b/modules/network/vpn-gateway/nat-rule/README.md @@ -40,9 +40,24 @@ This module deploys a VPN Gateway NAT Rule. | [`mode`](#parameter-mode) | string | The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. | | [`type`](#parameter-type) | string | The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. | +### Parameter: `name` + +The name of the NAT rule. + +- Required: Yes +- Type: string + +### Parameter: `vpnGatewayName` + +The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,6 +65,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `externalMappings` An address prefix range of destination IPs on the outside network that source IPs will be mapped to. In other words, your post-NAT address prefix range. + - Required: No - Type: array - Default: `[]` @@ -57,6 +73,7 @@ An address prefix range of destination IPs on the outside network that source IP ### Parameter: `internalMappings` An address prefix range of source IPs on the inside network that will be mapped to a set of external IPs. In other words, your pre-NAT address prefix range. + - Required: No - Type: array - Default: `[]` @@ -64,6 +81,7 @@ An address prefix range of source IPs on the inside network that will be mapped ### Parameter: `ipConfigurationId` A NAT rule must be configured to a specific VPN Gateway instance. This is applicable to Dynamic NAT only. Static NAT rules are automatically applied to both VPN Gateway instances. + - Required: No - Type: string - Default: `''` @@ -71,6 +89,7 @@ A NAT rule must be configured to a specific VPN Gateway instance. This is applic ### Parameter: `mode` The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source NAT) is applicable to traffic entering the Azure hub's site-to-site VPN gateway. EgressSnat mode (also known as Egress Source NAT) is applicable to traffic leaving the Azure hub's Site-to-site VPN gateway. + - Required: No - Type: string - Default: `''` @@ -83,15 +102,10 @@ The type of NAT rule for VPN NAT. IngressSnat mode (also known as Ingress Source ] ``` -### Parameter: `name` - -The name of the NAT rule. -- Required: Yes -- Type: string - ### Parameter: `type` The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one relationship between an internal address and an external address while Dynamic NAT assigns an IP and port based on availability. + - Required: No - Type: string - Default: `''` @@ -104,12 +118,6 @@ The type of NAT rule for VPN NAT. Static one-to-one NAT establishes a one-to-one ] ``` -### Parameter: `vpnGatewayName` - -The name of the parent VPN gateway this NAT rule is associated with. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/network/vpn-gateway/vpn-connection/README.md b/modules/network/vpn-gateway/vpn-connection/README.md index d533488822..5b7275f37e 100644 --- a/modules/network/vpn-gateway/vpn-connection/README.md +++ b/modules/network/vpn-gateway/vpn-connection/README.md @@ -50,9 +50,24 @@ This module deploys a VPN Gateway VPN Connection. | [`vpnConnectionProtocolType`](#parameter-vpnconnectionprotocoltype) | string | Gateway connection protocol. | | [`vpnLinkConnections`](#parameter-vpnlinkconnections) | array | List of all VPN site link connections to the gateway. | +### Parameter: `name` + +The name of the VPN connection. + +- Required: Yes +- Type: string + +### Parameter: `vpnGatewayName` + +The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `connectionBandwidth` Expected bandwidth in MBPS. + - Required: No - Type: int - Default: `10` @@ -60,6 +75,7 @@ Expected bandwidth in MBPS. ### Parameter: `enableBgp` Enable BGP flag. + - Required: No - Type: bool - Default: `False` @@ -67,6 +83,7 @@ Enable BGP flag. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -74,6 +91,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableInternetSecurity` Enable internet security. + - Required: No - Type: bool - Default: `False` @@ -81,6 +99,7 @@ Enable internet security. ### Parameter: `enableRateLimiting` Enable rate limiting. + - Required: No - Type: bool - Default: `False` @@ -88,19 +107,15 @@ Enable rate limiting. ### Parameter: `ipsecPolicies` The IPSec policies to be considered by this connection. + - Required: No - Type: array - Default: `[]` -### Parameter: `name` - -The name of the VPN connection. -- Required: Yes -- Type: string - ### Parameter: `remoteVpnSiteResourceId` Reference to a VPN site to link to. + - Required: No - Type: string - Default: `''` @@ -108,6 +123,7 @@ Reference to a VPN site to link to. ### Parameter: `routingConfiguration` Routing configuration indicating the associated and propagated route tables for this connection. + - Required: No - Type: object - Default: `{}` @@ -115,6 +131,7 @@ Routing configuration indicating the associated and propagated route tables for ### Parameter: `routingWeight` Routing weight for VPN connection. + - Required: No - Type: int - Default: `0` @@ -122,6 +139,7 @@ Routing weight for VPN connection. ### Parameter: `sharedKey` SharedKey for the VPN connection. + - Required: No - Type: securestring - Default: `''` @@ -129,6 +147,7 @@ SharedKey for the VPN connection. ### Parameter: `trafficSelectorPolicies` The traffic selector policies to be considered by this connection. + - Required: No - Type: array - Default: `[]` @@ -136,6 +155,7 @@ The traffic selector policies to be considered by this connection. ### Parameter: `useLocalAzureIpAddress` Use local Azure IP to initiate connection. + - Required: No - Type: bool - Default: `False` @@ -143,6 +163,7 @@ Use local Azure IP to initiate connection. ### Parameter: `usePolicyBasedTrafficSelectors` Enable policy-based traffic selectors. + - Required: No - Type: bool - Default: `False` @@ -150,6 +171,7 @@ Enable policy-based traffic selectors. ### Parameter: `vpnConnectionProtocolType` Gateway connection protocol. + - Required: No - Type: string - Default: `'IKEv2'` @@ -161,15 +183,10 @@ Gateway connection protocol. ] ``` -### Parameter: `vpnGatewayName` - -The name of the parent VPN gateway this VPN connection is associated with. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `vpnLinkConnections` List of all VPN site link connections to the gateway. + - Required: No - Type: array - Default: `[]` diff --git a/modules/network/vpn-site/README.md b/modules/network/vpn-site/README.md index d905533985..bc0947729e 100644 --- a/modules/network/vpn-site/README.md +++ b/modules/network/vpn-site/README.md @@ -483,9 +483,24 @@ module vpnSite 'br:bicep/modules/network.vpn-site:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`vpnSiteLinks`](#parameter-vpnsitelinks) | array | List of all VPN site links. | +### Parameter: `name` + +Name of the VPN Site. + +- Required: Yes +- Type: string + +### Parameter: `virtualWanId` + +Resource ID of the virtual WAN to link to. + +- Required: Yes +- Type: string + ### Parameter: `addressPrefixes` An array of IP address ranges that can be used by subnets of the virtual network. Required if no bgpProperties or VPNSiteLinks are configured. + - Required: No - Type: array - Default: `[]` @@ -493,6 +508,7 @@ An array of IP address ranges that can be used by subnets of the virtual network ### Parameter: `bgpProperties` BGP settings details. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. Required if no addressPrefixes or VPNSiteLinks are configured. + - Required: No - Type: object - Default: `{}` @@ -500,6 +516,7 @@ BGP settings details. Note: This is a deprecated property, please use the corres ### Parameter: `deviceProperties` List of properties of the device. + - Required: No - Type: object - Default: `{}` @@ -507,6 +524,7 @@ List of properties of the device. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -514,6 +532,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ipAddress` The IP-address for the VPN-site. Note: This is a deprecated property, please use the corresponding VpnSiteLinks property instead. + - Required: No - Type: string - Default: `''` @@ -521,6 +540,7 @@ The IP-address for the VPN-site. Note: This is a deprecated property, please use ### Parameter: `isSecuritySite` IsSecuritySite flag. + - Required: No - Type: bool - Default: `False` @@ -528,6 +548,7 @@ IsSecuritySite flag. ### Parameter: `location` Location where all resources will be created. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -535,39 +556,43 @@ Location where all resources will be created. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the VPN Site. -- Required: Yes -- Type: string - ### Parameter: `o365Policy` The Office365 breakout policy. + - Required: No - Type: object - Default: `{}` @@ -575,86 +600,103 @@ The Office365 breakout policy. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object -### Parameter: `virtualWanId` - -Resource ID of the virtual WAN to link to. -- Required: Yes -- Type: string - ### Parameter: `vpnSiteLinks` List of all VPN site links. + - Required: No - Type: array - Default: `[]` diff --git a/modules/operational-insights/workspace/README.md b/modules/operational-insights/workspace/README.md index cced023771..817891fcc3 100644 --- a/modules/operational-insights/workspace/README.md +++ b/modules/operational-insights/workspace/README.md @@ -1501,9 +1501,25 @@ module workspace 'br:bicep/modules/operational-insights.workspace:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`useResourcePermissions`](#parameter-useresourcepermissions) | bool | Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. | +### Parameter: `name` + +Name of the Log Analytics workspace. + +- Required: Yes +- Type: string + +### Parameter: `linkedStorageAccounts` + +List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. + +- Required: No +- Type: array +- Default: `[]` + ### Parameter: `dailyQuotaGb` The workspace daily quota for ingestion. + - Required: No - Type: int - Default: `-1` @@ -1511,6 +1527,7 @@ The workspace daily quota for ingestion. ### Parameter: `dataExports` LAW data export instances to be deployed. + - Required: No - Type: array - Default: `[]` @@ -1518,6 +1535,7 @@ LAW data export instances to be deployed. ### Parameter: `dataRetention` Number of days data will be retained for. + - Required: No - Type: int - Default: `365` @@ -1525,6 +1543,7 @@ Number of days data will be retained for. ### Parameter: `dataSources` LAW data sources to configure. + - Required: No - Type: array - Default: `[]` @@ -1532,114 +1551,90 @@ LAW data sources to configure. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1647,6 +1642,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1654,6 +1650,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `forceCmkForQuery` Indicates whether customer managed storage is mandatory for query management. + - Required: No - Type: bool - Default: `True` @@ -1661,6 +1658,7 @@ Indicates whether customer managed storage is mandatory for query management. ### Parameter: `gallerySolutions` List of gallerySolutions to be created in the log analytics workspace. + - Required: No - Type: array - Default: `[]` @@ -1668,13 +1666,7 @@ List of gallerySolutions to be created in the log analytics workspace. ### Parameter: `linkedServices` List of services to be linked. -- Required: No -- Type: array -- Default: `[]` - -### Parameter: `linkedStorageAccounts` -List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to 'true' and 'savedSearches' is not empty. - Required: No - Type: array - Default: `[]` @@ -1682,6 +1674,7 @@ List of Storage Accounts to be linked. Required if 'forceCmkForQuery' is set to ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1689,26 +1682,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1716,38 +1718,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the Log Analytics workspace. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccessForIngestion` The network access type for accessing Log Analytics ingestion. + - Required: No - Type: string - Default: `'Enabled'` @@ -1762,6 +1761,7 @@ The network access type for accessing Log Analytics ingestion. ### Parameter: `publicNetworkAccessForQuery` The network access type for accessing Log Analytics query. + - Required: No - Type: string - Default: `'Enabled'` @@ -1776,74 +1776,96 @@ The network access type for accessing Log Analytics query. ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `savedSearches` Kusto Query Language searches to save. + - Required: No - Type: array - Default: `[]` @@ -1851,6 +1873,7 @@ Kusto Query Language searches to save. ### Parameter: `skuCapacityReservationLevel` The capacity reservation level in GB for this workspace, when CapacityReservation sku is selected. Must be in increments of 100 between 100 and 5000. + - Required: No - Type: int - Default: `100` @@ -1858,6 +1881,7 @@ The capacity reservation level in GB for this workspace, when CapacityReservatio ### Parameter: `skuName` The name of the SKU. + - Required: No - Type: string - Default: `'PerGB2018'` @@ -1878,6 +1902,7 @@ The name of the SKU. ### Parameter: `storageInsightsConfigs` List of storage accounts to be read by the workspace. + - Required: No - Type: array - Default: `[]` @@ -1885,6 +1910,7 @@ List of storage accounts to be read by the workspace. ### Parameter: `tables` LAW custom tables to be deployed. + - Required: No - Type: array - Default: `[]` @@ -1892,12 +1918,14 @@ LAW custom tables to be deployed. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `useResourcePermissions` Set to 'true' to use resource or workspace permissions and 'false' (or leave empty) to require workspace permissions. + - Required: No - Type: bool - Default: `False` diff --git a/modules/operational-insights/workspace/data-export/README.md b/modules/operational-insights/workspace/data-export/README.md index 71d77ffb7f..1e9ab320e3 100644 --- a/modules/operational-insights/workspace/data-export/README.md +++ b/modules/operational-insights/workspace/data-export/README.md @@ -38,9 +38,24 @@ This module deploys a Log Analytics Workspace Data Export. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`tableNames`](#parameter-tablenames) | array | An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. | +### Parameter: `name` + +The data export rule name. + +- Required: Yes +- Type: string + +### Parameter: `workspaceName` + +The name of the parent workspaces. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `destination` Destination properties. + - Required: No - Type: object - Default: `{}` @@ -48,6 +63,7 @@ Destination properties. ### Parameter: `enable` Active when enabled. + - Required: No - Type: bool - Default: `False` @@ -55,29 +71,19 @@ Active when enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The data export rule name. -- Required: Yes -- Type: string - ### Parameter: `tableNames` An array of tables to export, for example: ['Heartbeat', 'SecurityEvent']. + - Required: No - Type: array - Default: `[]` -### Parameter: `workspaceName` - -The name of the parent workspaces. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/operational-insights/workspace/data-source/README.md b/modules/operational-insights/workspace/data-source/README.md index 99c4331190..c06337774d 100644 --- a/modules/operational-insights/workspace/data-source/README.md +++ b/modules/operational-insights/workspace/data-source/README.md @@ -48,9 +48,45 @@ This module deploys a Log Analytics Workspace Data Source. | [`syslogSeverities`](#parameter-syslogseverities) | array | Severities to configure when kind is LinuxSyslog. | | [`tags`](#parameter-tags) | object | Tags to configure in the resource. | +### Parameter: `kind` + +The kind of the DataSource. + +- Required: No +- Type: string +- Default: `'AzureActivityLog'` +- Allowed: + ```Bicep + [ + 'AzureActivityLog' + 'IISLogs' + 'LinuxPerformanceCollection' + 'LinuxPerformanceObject' + 'LinuxSyslog' + 'LinuxSyslogCollection' + 'WindowsEvent' + 'WindowsPerformanceCounter' + ] + ``` + +### Parameter: `name` + +Name of the solution. + +- Required: Yes +- Type: string + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `counterName` Counter name to configure when kind is WindowsPerformanceCounter. + - Required: No - Type: string - Default: `''` @@ -58,6 +94,7 @@ Counter name to configure when kind is WindowsPerformanceCounter. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -65,6 +102,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventLogName` Windows event log name to configure when kind is WindowsEvent. + - Required: No - Type: string - Default: `''` @@ -72,6 +110,7 @@ Windows event log name to configure when kind is WindowsEvent. ### Parameter: `eventTypes` Windows event types to configure when kind is WindowsEvent. + - Required: No - Type: array - Default: `[]` @@ -79,6 +118,7 @@ Windows event types to configure when kind is WindowsEvent. ### Parameter: `instanceName` Name of the instance to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. + - Required: No - Type: string - Default: `'*'` @@ -86,52 +126,23 @@ Name of the instance to configure when kind is WindowsPerformanceCounter or Linu ### Parameter: `intervalSeconds` Interval in seconds to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. + - Required: No - Type: int - Default: `60` -### Parameter: `kind` - -The kind of the DataSource. -- Required: No -- Type: string -- Default: `'AzureActivityLog'` -- Allowed: - ```Bicep - [ - 'AzureActivityLog' - 'IISLogs' - 'LinuxPerformanceCollection' - 'LinuxPerformanceObject' - 'LinuxSyslog' - 'LinuxSyslogCollection' - 'WindowsEvent' - 'WindowsPerformanceCounter' - ] - ``` - ### Parameter: `linkedResourceId` Resource ID of the resource to be linked. + - Required: No - Type: string - Default: `''` -### Parameter: `logAnalyticsWorkspaceName` - -The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -Name of the solution. -- Required: Yes -- Type: string - ### Parameter: `objectName` Name of the object to configure when kind is WindowsPerformanceCounter or LinuxPerformanceObject. + - Required: No - Type: string - Default: `''` @@ -139,6 +150,7 @@ Name of the object to configure when kind is WindowsPerformanceCounter or LinuxP ### Parameter: `performanceCounters` List of counters to configure when the kind is LinuxPerformanceObject. + - Required: No - Type: array - Default: `[]` @@ -146,6 +158,7 @@ List of counters to configure when the kind is LinuxPerformanceObject. ### Parameter: `state` State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerformanceCollection. + - Required: No - Type: string - Default: `''` @@ -153,6 +166,7 @@ State to configure when kind is IISLogs or LinuxSyslogCollection or LinuxPerform ### Parameter: `syslogName` System log to configure when kind is LinuxSyslog. + - Required: No - Type: string - Default: `''` @@ -160,6 +174,7 @@ System log to configure when kind is LinuxSyslog. ### Parameter: `syslogSeverities` Severities to configure when kind is LinuxSyslog. + - Required: No - Type: array - Default: `[]` @@ -167,6 +182,7 @@ Severities to configure when kind is LinuxSyslog. ### Parameter: `tags` Tags to configure in the resource. + - Required: No - Type: object diff --git a/modules/operational-insights/workspace/linked-service/README.md b/modules/operational-insights/workspace/linked-service/README.md index c30872ecce..e9eef72244 100644 --- a/modules/operational-insights/workspace/linked-service/README.md +++ b/modules/operational-insights/workspace/linked-service/README.md @@ -38,41 +38,47 @@ This module deploys a Log Analytics Workspace Linked Service. | [`tags`](#parameter-tags) | object | Tags to configure in the resource. | | [`writeAccessResourceId`](#parameter-writeaccessresourceid) | string | The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `logAnalyticsWorkspaceName` - -The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `name` Name of the link. + - Required: Yes - Type: string ### Parameter: `resourceId` The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. + - Required: No - Type: string - Default: `''` +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `tags` Tags to configure in the resource. + - Required: No - Type: object ### Parameter: `writeAccessResourceId` The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require write access. + - Required: No - Type: string - Default: `''` diff --git a/modules/operational-insights/workspace/linked-storage-account/README.md b/modules/operational-insights/workspace/linked-storage-account/README.md index 97a318c405..983a98fe21 100644 --- a/modules/operational-insights/workspace/linked-storage-account/README.md +++ b/modules/operational-insights/workspace/linked-storage-account/README.md @@ -36,22 +36,10 @@ This module deploys a Log Analytics Workspace Linked Storage Account. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `logAnalyticsWorkspaceName` - -The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `name` Name of the link. + - Required: Yes - Type: string - Allowed: @@ -67,9 +55,25 @@ Name of the link. ### Parameter: `resourceId` The resource ID of the resource that will be linked to the workspace. This should be used for linking resources which require read access. + - Required: Yes - Type: string +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/operational-insights/workspace/saved-search/README.md b/modules/operational-insights/workspace/saved-search/README.md index 6d8fabc766..848c79064d 100644 --- a/modules/operational-insights/workspace/saved-search/README.md +++ b/modules/operational-insights/workspace/saved-search/README.md @@ -46,18 +46,42 @@ This module deploys a Log Analytics Workspace Saved Search. ### Parameter: `category` Query category. + - Required: Yes - Type: string ### Parameter: `displayName` Display name for the search. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the saved search. + +- Required: Yes +- Type: string + +### Parameter: `query` + +Kusto Query to be stored. + +- Required: Yes +- Type: string + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -65,6 +89,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `etag` The ETag of the saved search. To override an existing saved search, use "*" or specify the current Etag. + - Required: No - Type: string - Default: `'*'` @@ -72,6 +97,7 @@ The ETag of the saved search. To override an existing saved search, use "*" or s ### Parameter: `functionAlias` The function alias if query serves as a function. + - Required: No - Type: string - Default: `''` @@ -79,31 +105,15 @@ The function alias if query serves as a function. ### Parameter: `functionParameters` The optional function parameters if query serves as a function. Value should be in the following format: "param-name1:type1 = default_value1, param-name2:type2 = default_value2". For more examples and proper syntax please refer to /azure/kusto/query/functions/user-defined-functions. + - Required: No - Type: string - Default: `''` -### Parameter: `logAnalyticsWorkspaceName` - -The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -Name of the saved search. -- Required: Yes -- Type: string - -### Parameter: `query` - -Kusto Query to be stored. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags to configure in the resource. + - Required: No - Type: array - Default: `[]` @@ -111,6 +121,7 @@ Tags to configure in the resource. ### Parameter: `version` The version number of the query language. + - Required: No - Type: int - Default: `2` diff --git a/modules/operational-insights/workspace/storage-insight-config/README.md b/modules/operational-insights/workspace/storage-insight-config/README.md index 1e589388ee..5f3b984a87 100644 --- a/modules/operational-insights/workspace/storage-insight-config/README.md +++ b/modules/operational-insights/workspace/storage-insight-config/README.md @@ -39,9 +39,24 @@ This module deploys a Log Analytics Workspace Storage Insight Config. | [`tables`](#parameter-tables) | array | The names of the Azure tables that the workspace should read. | | [`tags`](#parameter-tags) | object | Tags to configure in the resource. | +### Parameter: `storageAccountResourceId` + +The Azure Resource Manager ID of the storage account resource. + +- Required: Yes +- Type: string + +### Parameter: `logAnalyticsWorkspaceName` + +The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `containers` The names of the blob containers that the workspace should read. + - Required: No - Type: array - Default: `[]` @@ -49,32 +64,23 @@ The names of the blob containers that the workspace should read. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `logAnalyticsWorkspaceName` - -The name of the parent Log Analytics workspace. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `name` The name of the storage insights config. + - Required: No - Type: string - Default: `[format('{0}-stinsconfig', last(split(parameters('storageAccountResourceId'), '/')))]` -### Parameter: `storageAccountResourceId` - -The Azure Resource Manager ID of the storage account resource. -- Required: Yes -- Type: string - ### Parameter: `tables` The names of the Azure tables that the workspace should read. + - Required: No - Type: array - Default: `[]` @@ -82,6 +88,7 @@ The names of the Azure tables that the workspace should read. ### Parameter: `tags` Tags to configure in the resource. + - Required: No - Type: object diff --git a/modules/operational-insights/workspace/table/README.md b/modules/operational-insights/workspace/table/README.md index eb3e62a8d1..5ad6220105 100644 --- a/modules/operational-insights/workspace/table/README.md +++ b/modules/operational-insights/workspace/table/README.md @@ -41,22 +41,32 @@ This module deploys a Log Analytics Workspace Table. | [`searchResults`](#parameter-searchresults) | object | Parameters of the search job that initiated this table. | | [`totalRetentionInDays`](#parameter-totalretentionindays) | int | The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. | +### Parameter: `name` + +The name of the table. + +- Required: Yes +- Type: string + +### Parameter: `workspaceName` + +The name of the parent workspaces. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the table. -- Required: Yes -- Type: string - ### Parameter: `plan` Instruct the system how to handle and charge the logs ingested to this table. + - Required: No - Type: string - Default: `'Analytics'` @@ -71,6 +81,7 @@ Instruct the system how to handle and charge the logs ingested to this table. ### Parameter: `restoredLogs` Restore parameters. + - Required: No - Type: object - Default: `{}` @@ -78,6 +89,7 @@ Restore parameters. ### Parameter: `retentionInDays` The table retention in days, between 4 and 730. Setting this property to -1 will default to the workspace retention. + - Required: No - Type: int - Default: `-1` @@ -85,6 +97,7 @@ The table retention in days, between 4 and 730. Setting this property to -1 will ### Parameter: `schema` Table's schema. + - Required: No - Type: object - Default: `{}` @@ -92,6 +105,7 @@ Table's schema. ### Parameter: `searchResults` Parameters of the search job that initiated this table. + - Required: No - Type: object - Default: `{}` @@ -99,16 +113,11 @@ Parameters of the search job that initiated this table. ### Parameter: `totalRetentionInDays` The table total retention in days, between 4 and 2555. Setting this property to -1 will default to table retention. + - Required: No - Type: int - Default: `-1` -### Parameter: `workspaceName` - -The name of the parent workspaces. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/operations-management/solution/README.md b/modules/operations-management/solution/README.md index 6927388c0e..460d47533d 100644 --- a/modules/operations-management/solution/README.md +++ b/modules/operations-management/solution/README.md @@ -215,9 +215,24 @@ module solution 'br:bicep/modules/operations-management.solution:1.0.0' = { | [`product`](#parameter-product) | string | The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. | | [`publisher`](#parameter-publisher) | string | The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. | +### Parameter: `logAnalyticsWorkspaceName` + +Name of the Log Analytics workspace where the solution will be deployed/enabled. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -225,25 +240,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `logAnalyticsWorkspaceName` - -Name of the Log Analytics workspace where the solution will be deployed/enabled. -- Required: Yes -- Type: string - -### Parameter: `name` - -Name of the solution. For Microsoft published gallery solution the target solution resource name will be composed as `{name}({logAnalyticsWorkspaceName})`. -- Required: Yes -- Type: string - ### Parameter: `product` The product of the deployed solution. For Microsoft published gallery solution it should be `OMSGallery` and the target solution resource product will be composed as `OMSGallery/{name}`. For third party solution, it can be anything. This is case sensitive. + - Required: No - Type: string - Default: `'OMSGallery'` @@ -251,6 +256,7 @@ The product of the deployed solution. For Microsoft published gallery solution i ### Parameter: `publisher` The publisher name of the deployed solution. For Microsoft published gallery solution, it is `Microsoft`. + - Required: No - Type: string - Default: `'Microsoft'` diff --git a/modules/policy-insights/remediation/README.md b/modules/policy-insights/remediation/README.md index c22cb0aede..23000704d6 100644 --- a/modules/policy-insights/remediation/README.md +++ b/modules/policy-insights/remediation/README.md @@ -448,9 +448,24 @@ module remediation 'br:bicep/modules/policy-insights.remediation:1.0.0' = { | [`resourceGroupName`](#parameter-resourcegroupname) | string | The target scope for the remediation. The name of the resource group for the policy assignment. | | [`subscriptionId`](#parameter-subscriptionid) | string | The target scope for the remediation. The subscription ID of the subscription for the policy assignment. | +### Parameter: `name` + +Specifies the name of the policy remediation. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -458,6 +473,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `failureThresholdPercentage` The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. + - Required: No - Type: string - Default: `'1'` @@ -465,6 +481,7 @@ The remediation failure threshold settings. A number between 0.0 to 1.0 represen ### Parameter: `filtersLocations` The filters that will be applied to determine which resources to remediate. + - Required: No - Type: array - Default: `[]` @@ -472,6 +489,7 @@ The filters that will be applied to determine which resources to remediate. ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -479,32 +497,23 @@ Location deployment metadata. ### Parameter: `managementGroupId` The target scope for the remediation. The name of the management group for the policy assignment. If not provided, will use the current scope for deployment. + - Required: No - Type: string - Default: `[managementGroup().name]` -### Parameter: `name` - -Specifies the name of the policy remediation. -- Required: Yes -- Type: string - ### Parameter: `parallelDeployments` Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. + - Required: No - Type: int - Default: `10` -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that should be remediated. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceId` The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. + - Required: No - Type: string - Default: `''` @@ -512,6 +521,7 @@ The policy definition reference ID of the individual definition that should be r ### Parameter: `resourceCount` Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. + - Required: No - Type: int - Default: `500` @@ -519,6 +529,7 @@ Determines the max number of resources that can be remediated by the remediation ### Parameter: `resourceDiscoveryMode` The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. + - Required: No - Type: string - Default: `'ExistingNonCompliant'` @@ -533,6 +544,7 @@ The way resources to remediate are discovered. Defaults to ExistingNonCompliant ### Parameter: `resourceGroupName` The target scope for the remediation. The name of the resource group for the policy assignment. + - Required: No - Type: string - Default: `''` @@ -540,6 +552,7 @@ The target scope for the remediation. The name of the resource group for the pol ### Parameter: `subscriptionId` The target scope for the remediation. The subscription ID of the subscription for the policy assignment. + - Required: No - Type: string - Default: `''` diff --git a/modules/policy-insights/remediation/management-group/README.md b/modules/policy-insights/remediation/management-group/README.md index f93cf15102..a3fe72ecf2 100644 --- a/modules/policy-insights/remediation/management-group/README.md +++ b/modules/policy-insights/remediation/management-group/README.md @@ -37,9 +37,24 @@ This module deploys a Policy Insights Remediation on a Management Group scope. | [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | | [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +### Parameter: `name` + +Specifies the name of the policy remediation. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,6 +62,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `failureThresholdPercentage` The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. + - Required: No - Type: string - Default: `'1'` @@ -54,6 +70,7 @@ The remediation failure threshold settings. A number between 0.0 to 1.0 represen ### Parameter: `filtersLocations` The filters that will be applied to determine which resources to remediate. + - Required: No - Type: array - Default: `[]` @@ -61,32 +78,23 @@ The filters that will be applied to determine which resources to remediate. ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` -### Parameter: `name` - -Specifies the name of the policy remediation. -- Required: Yes -- Type: string - ### Parameter: `parallelDeployments` Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. + - Required: No - Type: int - Default: `10` -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that should be remediated. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceId` The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. + - Required: No - Type: string - Default: `''` @@ -94,6 +102,7 @@ The policy definition reference ID of the individual definition that should be r ### Parameter: `resourceCount` Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. + - Required: No - Type: int - Default: `500` @@ -101,6 +110,7 @@ Determines the max number of resources that can be remediated by the remediation ### Parameter: `resourceDiscoveryMode` The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. + - Required: No - Type: string - Default: `'ExistingNonCompliant'` diff --git a/modules/policy-insights/remediation/resource-group/README.md b/modules/policy-insights/remediation/resource-group/README.md index 4878811b31..9f60629423 100644 --- a/modules/policy-insights/remediation/resource-group/README.md +++ b/modules/policy-insights/remediation/resource-group/README.md @@ -37,9 +37,24 @@ This module deploys a Policy Insights Remediation on a Resource Group scope. | [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | | [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +### Parameter: `name` + +Specifies the name of the policy remediation. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,6 +62,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `failureThresholdPercentage` The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. + - Required: No - Type: string - Default: `'1'` @@ -54,6 +70,7 @@ The remediation failure threshold settings. A number between 0.0 to 1.0 represen ### Parameter: `filtersLocations` The filters that will be applied to determine which resources to remediate. + - Required: No - Type: array - Default: `[]` @@ -61,32 +78,23 @@ The filters that will be applied to determine which resources to remediate. ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Specifies the name of the policy remediation. -- Required: Yes -- Type: string - ### Parameter: `parallelDeployments` Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. + - Required: No - Type: int - Default: `10` -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that should be remediated. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceId` The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. + - Required: No - Type: string - Default: `''` @@ -94,6 +102,7 @@ The policy definition reference ID of the individual definition that should be r ### Parameter: `resourceCount` Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. + - Required: No - Type: int - Default: `500` @@ -101,6 +110,7 @@ Determines the max number of resources that can be remediated by the remediation ### Parameter: `resourceDiscoveryMode` The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. + - Required: No - Type: string - Default: `'ExistingNonCompliant'` diff --git a/modules/policy-insights/remediation/subscription/README.md b/modules/policy-insights/remediation/subscription/README.md index b121a0f8d5..6b9a9811c8 100644 --- a/modules/policy-insights/remediation/subscription/README.md +++ b/modules/policy-insights/remediation/subscription/README.md @@ -37,9 +37,24 @@ This module deploys a Policy Insights Remediation on a Subscription scope. | [`resourceCount`](#parameter-resourcecount) | int | Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. | | [`resourceDiscoveryMode`](#parameter-resourcediscoverymode) | string | The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. | +### Parameter: `name` + +Specifies the name of the policy remediation. + +- Required: Yes +- Type: string + +### Parameter: `policyAssignmentId` + +The resource ID of the policy assignment that should be remediated. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,6 +62,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `failureThresholdPercentage` The remediation failure threshold settings. A number between 0.0 to 1.0 representing the percentage failure threshold. The remediation will fail if the percentage of failed remediation operations (i.e. failed deployments) exceeds this threshold. 0 means that the remediation will stop after the first failure. 1 means that the remediation will not stop even if all deployments fail. + - Required: No - Type: string - Default: `'1'` @@ -54,6 +70,7 @@ The remediation failure threshold settings. A number between 0.0 to 1.0 represen ### Parameter: `filtersLocations` The filters that will be applied to determine which resources to remediate. + - Required: No - Type: array - Default: `[]` @@ -61,32 +78,23 @@ The filters that will be applied to determine which resources to remediate. ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` -### Parameter: `name` - -Specifies the name of the policy remediation. -- Required: Yes -- Type: string - ### Parameter: `parallelDeployments` Determines how many resources to remediate at any given time. Can be used to increase or reduce the pace of the remediation. Can be between 1-30. Higher values will cause the remediation to complete more quickly, but increase the risk of throttling. If not provided, the default parallel deployments value is used. + - Required: No - Type: int - Default: `10` -### Parameter: `policyAssignmentId` - -The resource ID of the policy assignment that should be remediated. -- Required: Yes -- Type: string - ### Parameter: `policyDefinitionReferenceId` The policy definition reference ID of the individual definition that should be remediated. Required when the policy assignment being remediated assigns a policy set definition. + - Required: No - Type: string - Default: `''` @@ -94,6 +102,7 @@ The policy definition reference ID of the individual definition that should be r ### Parameter: `resourceCount` Determines the max number of resources that can be remediated by the remediation job. Can be between 1-50000. If not provided, the default resource count is used. + - Required: No - Type: int - Default: `500` @@ -101,6 +110,7 @@ Determines the max number of resources that can be remediated by the remediation ### Parameter: `resourceDiscoveryMode` The way resources to remediate are discovered. Defaults to ExistingNonCompliant if not specified. + - Required: No - Type: string - Default: `'ExistingNonCompliant'` diff --git a/modules/power-bi-dedicated/capacity/README.md b/modules/power-bi-dedicated/capacity/README.md index 93a0348544..01010cbef4 100644 --- a/modules/power-bi-dedicated/capacity/README.md +++ b/modules/power-bi-dedicated/capacity/README.md @@ -310,9 +310,31 @@ module capacity 'br:bicep/modules/power-bi-dedicated.capacity:1.0.0' = { | [`skuTier`](#parameter-skutier) | string | SkuCapacity of the resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `members` + +Members of the resource. + +- Required: Yes +- Type: array + +### Parameter: `name` + +Name of the PowerBI Embedded. + +- Required: Yes +- Type: string + +### Parameter: `skuCapacity` + +SkuCapacity of the resource. + +- Required: Yes +- Type: int + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -320,6 +342,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -327,39 +350,43 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `members` - -Members of the resource. -- Required: Yes -- Type: array - ### Parameter: `mode` Mode of the resource. + - Required: No - Type: string - Default: `'Gen2'` @@ -371,89 +398,99 @@ Mode of the resource. ] ``` -### Parameter: `name` - -Name of the PowerBI Embedded. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string - -### Parameter: `skuCapacity` - -SkuCapacity of the resource. -- Required: Yes -- Type: int +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` SkuCapacity of the resource. + - Required: No - Type: string - Default: `'A1'` @@ -472,6 +509,7 @@ SkuCapacity of the resource. ### Parameter: `skuTier` SkuCapacity of the resource. + - Required: No - Type: string - Default: `'PBIE_Azure'` @@ -487,6 +525,7 @@ SkuCapacity of the resource. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/purview/account/README.md b/modules/purview/account/README.md index a77bb25aa2..eb5056c784 100644 --- a/modules/purview/account/README.md +++ b/modules/purview/account/README.md @@ -697,9 +697,17 @@ module account 'br:bicep/modules/purview.account:1.0.0' = { | [`storageQueuePrivateEndpoints`](#parameter-storagequeueprivateendpoints) | array | Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Purview Account. + +- Required: Yes +- Type: string + ### Parameter: `accountPrivateEndpoints` Configuration details for Purview Account private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'account'. + - Required: No - Type: array - Default: `[]` @@ -707,114 +715,90 @@ Configuration details for Purview Account private endpoints. For security reason ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -822,6 +806,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -829,6 +814,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventHubPrivateEndpoints` Configuration details for Purview Managed Event Hub namespace private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'namespace'. + - Required: No - Type: array - Default: `[]` @@ -836,6 +822,7 @@ Configuration details for Purview Managed Event Hub namespace private endpoints. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -843,26 +830,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -870,17 +866,19 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array @@ -888,19 +886,15 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managedResourceGroupName` The Managed Resource Group Name. A managed Storage Account, and an Event Hubs will be created in the selected subscription for catalog ingestion scenarios. Default is 'managed-rg-'. + - Required: No - Type: string - Default: `[format('managed-rg-{0}', parameters('name'))]` -### Parameter: `name` - -Name of the Purview Account. -- Required: Yes -- Type: string - ### Parameter: `portalPrivateEndpoints` Configuration details for Purview Portal private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'portal'. + - Required: No - Type: array - Default: `[]` @@ -908,6 +902,7 @@ Configuration details for Purview Portal private endpoints. For security reasons ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `'NotSpecified'` @@ -923,74 +918,96 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `storageBlobPrivateEndpoints` Configuration details for Purview Managed Storage Account blob private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'blob'. + - Required: No - Type: array - Default: `[]` @@ -998,6 +1015,7 @@ Configuration details for Purview Managed Storage Account blob private endpoints ### Parameter: `storageQueuePrivateEndpoints` Configuration details for Purview Managed Storage Account queue private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Make sure the service property is set to 'queue'. + - Required: No - Type: array - Default: `[]` @@ -1005,6 +1023,7 @@ Configuration details for Purview Managed Storage Account queue private endpoint ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/recovery-services/vault/README.md b/modules/recovery-services/vault/README.md index 8eb9e2c57d..def4d8dcf7 100644 --- a/modules/recovery-services/vault/README.md +++ b/modules/recovery-services/vault/README.md @@ -1671,9 +1671,17 @@ module vault 'br:bicep/modules/recovery-services.vault:1.0.0' = { | [`securitySettings`](#parameter-securitysettings) | object | Security Settings of the vault. | | [`tags`](#parameter-tags) | object | Tags of the Recovery Service Vault resource. | +### Parameter: `name` + +Name of the Azure Recovery Service Vault. + +- Required: Yes +- Type: string + ### Parameter: `backupConfig` The backup configuration. + - Required: No - Type: object - Default: `{}` @@ -1681,6 +1689,7 @@ The backup configuration. ### Parameter: `backupPolicies` List of all backup policies. + - Required: No - Type: array - Default: `[]` @@ -1688,6 +1697,7 @@ List of all backup policies. ### Parameter: `backupStorageConfig` The storage configuration for the Azure Recovery Service Vault. + - Required: No - Type: object - Default: `{}` @@ -1695,114 +1705,90 @@ The storage configuration for the Azure Recovery Service Vault. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1810,6 +1796,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1817,6 +1804,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1824,26 +1812,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1851,25 +1848,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1877,210 +1876,255 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `monitoringSettings` Monitoring Settings of the vault. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -Name of the Azure Recovery Service Vault. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` -Optional. The name of the private endpoint. +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -2088,6 +2132,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `protectionContainers` List of all protection containers. + - Required: No - Type: array - Default: `[]` @@ -2095,6 +2140,7 @@ List of all protection containers. ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. + - Required: No - Type: string - Default: `'Disabled'` @@ -2109,6 +2155,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `replicationAlertSettings` Replication alert settings. + - Required: No - Type: object - Default: `{}` @@ -2116,6 +2163,7 @@ Replication alert settings. ### Parameter: `replicationFabrics` List of all replication fabrics. + - Required: No - Type: array - Default: `[]` @@ -2123,6 +2171,7 @@ List of all replication fabrics. ### Parameter: `replicationPolicies` List of all replication policies. + - Required: No - Type: array - Default: `[]` @@ -2130,74 +2179,96 @@ List of all replication policies. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securitySettings` Security Settings of the vault. + - Required: No - Type: object - Default: `{}` @@ -2205,6 +2276,7 @@ Security Settings of the vault. ### Parameter: `tags` Tags of the Recovery Service Vault resource. + - Required: No - Type: object diff --git a/modules/recovery-services/vault/backup-config/README.md b/modules/recovery-services/vault/backup-config/README.md index aec1ccbf4b..f9a077c8f8 100644 --- a/modules/recovery-services/vault/backup-config/README.md +++ b/modules/recovery-services/vault/backup-config/README.md @@ -37,9 +37,17 @@ This module deploys a Recovery Services Vault Backup Config. | [`storageType`](#parameter-storagetype) | string | Storage type. | | [`storageTypeState`](#parameter-storagetypestate) | string | Once a machine is registered against a resource, the storageTypeState is always Locked. | +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,6 +55,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enhancedSecurityState` Enable this setting to protect hybrid backups against accidental deletes and add additional layer of authentication for critical operations. + - Required: No - Type: string - Default: `'Enabled'` @@ -61,6 +70,7 @@ Enable this setting to protect hybrid backups against accidental deletes and add ### Parameter: `isSoftDeleteFeatureStateEditable` Is soft delete feature state editable. + - Required: No - Type: bool - Default: `True` @@ -68,19 +78,15 @@ Is soft delete feature state editable. ### Parameter: `name` Name of the Azure Recovery Service Vault Backup Policy. + - Required: No - Type: string - Default: `'vaultconfig'` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `resourceGuardOperationRequests` ResourceGuard Operation Requests. + - Required: No - Type: array - Default: `[]` @@ -88,6 +94,7 @@ ResourceGuard Operation Requests. ### Parameter: `softDeleteFeatureState` Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM and SAP HANA in Azure VM from accidental deletes. + - Required: No - Type: string - Default: `'Enabled'` @@ -102,6 +109,7 @@ Enable this setting to protect backup data for Azure VM, SQL Server in Azure VM ### Parameter: `storageModelType` Storage type. + - Required: No - Type: string - Default: `'GeoRedundant'` @@ -118,6 +126,7 @@ Storage type. ### Parameter: `storageType` Storage type. + - Required: No - Type: string - Default: `'GeoRedundant'` @@ -134,6 +143,7 @@ Storage type. ### Parameter: `storageTypeState` Once a machine is registered against a resource, the storageTypeState is always Locked. + - Required: No - Type: string - Default: `'Locked'` diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/README.md b/modules/recovery-services/vault/backup-fabric/protection-container/README.md index 98712cd47b..16d53d84a2 100644 --- a/modules/recovery-services/vault/backup-fabric/protection-container/README.md +++ b/modules/recovery-services/vault/backup-fabric/protection-container/README.md @@ -42,9 +42,24 @@ This module deploys a Recovery Services Vault Protection Container. | [`protectedItems`](#parameter-protecteditems) | array | Protected items to register in the container. | | [`sourceResourceId`](#parameter-sourceresourceid) | string | Resource ID of the target resource for the Protection Container. | +### Parameter: `name` + +Name of the Azure Recovery Service Vault Protection Container. + +- Required: Yes +- Type: string + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `backupManagementType` Backup management type to execute the current Protection Container job. + - Required: No - Type: string - Default: `''` @@ -67,6 +82,7 @@ Backup management type to execute the current Protection Container job. ### Parameter: `containerType` Type of the container. + - Required: No - Type: string - Default: `''` @@ -89,6 +105,7 @@ Type of the container. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -96,6 +113,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `friendlyName` Friendly name of the Protection Container. + - Required: No - Type: string - Default: `''` @@ -103,32 +121,23 @@ Friendly name of the Protection Container. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -Name of the Azure Recovery Service Vault Protection Container. -- Required: Yes -- Type: string - ### Parameter: `protectedItems` Protected items to register in the container. + - Required: No - Type: array - Default: `[]` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `sourceResourceId` Resource ID of the target resource for the Protection Container. + - Required: No - Type: string - Default: `''` diff --git a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md index 2c15bf89ea..0c9eda13b5 100644 --- a/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md +++ b/modules/recovery-services/vault/backup-fabric/protection-container/protected-item/README.md @@ -40,35 +40,24 @@ This module deploys a Recovery Services Vault Protection Container Protected Ite | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `location` - -Location for all resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - ### Parameter: `name` Name of the resource. + - Required: Yes - Type: string ### Parameter: `policyId` ID of the backup policy with which this item is backed up. + - Required: Yes - Type: string ### Parameter: `protectedItemType` The backup item type. + - Required: Yes - Type: string - Allowed: @@ -87,23 +76,42 @@ The backup item type. ] ``` +### Parameter: `sourceResourceId` + +Resource ID of the resource to back up. + +- Required: Yes +- Type: string + ### Parameter: `protectionContainerName` Name of the Azure Recovery Service Vault Protection Container. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `recoveryVaultName` The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `sourceResourceId` +### Parameter: `enableDefaultTelemetry` -Resource ID of the resource to back up. -- Required: Yes +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. + +- Required: No - Type: string +- Default: `[resourceGroup().location]` ## Outputs diff --git a/modules/recovery-services/vault/backup-policy/README.md b/modules/recovery-services/vault/backup-policy/README.md index c769d8ce08..a76148c582 100644 --- a/modules/recovery-services/vault/backup-policy/README.md +++ b/modules/recovery-services/vault/backup-policy/README.md @@ -36,31 +36,35 @@ This module deploys a Recovery Services Vault Backup Policy. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` Name of the Azure Recovery Service Vault Backup Policy. + - Required: Yes - Type: string ### Parameter: `properties` Configuration of the Azure Recovery Service Vault Backup Policy. + - Required: Yes - Type: object ### Parameter: `recoveryVaultName` The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/recovery-services/vault/backup-storage-config/README.md b/modules/recovery-services/vault/backup-storage-config/README.md index e049b9e89d..3d0b89984c 100644 --- a/modules/recovery-services/vault/backup-storage-config/README.md +++ b/modules/recovery-services/vault/backup-storage-config/README.md @@ -32,9 +32,17 @@ This module deploys a Recovery Service Vault Backup Storage Configuration. | [`name`](#parameter-name) | string | The name of the backup storage config. | | [`storageModelType`](#parameter-storagemodeltype) | string | Change Vault Storage Type (Works if vault has not registered any backup instance). | +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `crossRegionRestoreFlag` Opt in details of Cross Region Restore feature. + - Required: No - Type: bool - Default: `True` @@ -42,6 +50,7 @@ Opt in details of Cross Region Restore feature. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -49,19 +58,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` The name of the backup storage config. + - Required: No - Type: string - Default: `'vaultstorageconfig'` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `storageModelType` Change Vault Storage Type (Works if vault has not registered any backup instance). + - Required: No - Type: string - Default: `'GeoRedundant'` diff --git a/modules/recovery-services/vault/replication-alert-setting/README.md b/modules/recovery-services/vault/replication-alert-setting/README.md index d0067568b8..d8c489809d 100644 --- a/modules/recovery-services/vault/replication-alert-setting/README.md +++ b/modules/recovery-services/vault/replication-alert-setting/README.md @@ -33,9 +33,17 @@ This module deploys a Recovery Services Vault Replication Alert Settings. | [`name`](#parameter-name) | string | The name of the replication Alert Setting. | | [`sendToOwners`](#parameter-sendtoowners) | string | The value indicating whether to send email to subscription administrator. | +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `customEmailAddresses` Comma separated list of custom email address for sending alert emails. + - Required: No - Type: array - Default: `[]` @@ -43,6 +51,7 @@ Comma separated list of custom email address for sending alert emails. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,6 +59,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `locale` The locale for the email notification. + - Required: No - Type: string - Default: `''` @@ -57,19 +67,15 @@ The locale for the email notification. ### Parameter: `name` The name of the replication Alert Setting. + - Required: No - Type: string - Default: `'defaultAlertSetting'` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `sendToOwners` The value indicating whether to send email to subscription administrator. + - Required: No - Type: string - Default: `'Send'` diff --git a/modules/recovery-services/vault/replication-fabric/README.md b/modules/recovery-services/vault/replication-fabric/README.md index 8213e34c2a..5b2a425fc5 100644 --- a/modules/recovery-services/vault/replication-fabric/README.md +++ b/modules/recovery-services/vault/replication-fabric/README.md @@ -41,36 +41,41 @@ This module deploys a Replication Fabric for Azure to Azure disaster recovery sc | [`name`](#parameter-name) | string | The name of the fabric. | | [`replicationContainers`](#parameter-replicationcontainers) | array | Replication containers to create. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `location` The recovery location the fabric represents. + - Required: No - Type: string - Default: `[resourceGroup().location]` +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `name` The name of the fabric. + - Required: No - Type: string - Default: `[parameters('location')]` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `replicationContainers` Replication containers to create. + - Required: No - Type: array - Default: `[]` diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md index 841d221908..6869b51b00 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/README.md @@ -40,38 +40,43 @@ This module deploys a Recovery Services Vault Replication Protection Container. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`replicationContainerMappings`](#parameter-replicationcontainermappings) | array | Replication containers mappings to create. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the replication container. + - Required: Yes - Type: string ### Parameter: `recoveryVaultName` The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `replicationFabricName` + +The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `replicationContainerMappings` Replication containers mappings to create. + - Required: No - Type: array - Default: `[]` -### Parameter: `replicationFabricName` - -The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md index e409532d3e..f353db55e2 100644 --- a/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md +++ b/modules/recovery-services/vault/replication-fabric/replication-protection-container/replication-protection-container-mapping/README.md @@ -39,9 +39,31 @@ This module deploys a Recovery Services Vault (RSV) Replication Protection Conta | [`targetContainerName`](#parameter-targetcontainername) | string | Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. | | [`targetProtectionContainerId`](#parameter-targetprotectioncontainerid) | string | Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. | +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `replicationFabricName` + +The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `sourceProtectionContainerName` + +The name of the parent source Replication container. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -49,6 +71,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` The name of the replication container mapping. If not provided, it will be automatically generated as `-`. + - Required: No - Type: string - Default: `''` @@ -56,6 +79,7 @@ The name of the replication container mapping. If not provided, it will be autom ### Parameter: `policyId` Resource ID of the replication policy. If defined, policyName will be ignored. + - Required: No - Type: string - Default: `''` @@ -63,31 +87,15 @@ Resource ID of the replication policy. If defined, policyName will be ignored. ### Parameter: `policyName` Name of the replication policy. Will be ignored if policyId is also specified. + - Required: No - Type: string - Default: `''` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `replicationFabricName` - -The name of the parent Replication Fabric. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `sourceProtectionContainerName` - -The name of the parent source Replication container. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `targetContainerFabricName` Name of the fabric containing the target container. If targetProtectionContainerId is specified, this parameter will be ignored. + - Required: No - Type: string - Default: `[parameters('replicationFabricName')]` @@ -95,6 +103,7 @@ Name of the fabric containing the target container. If targetProtectionContainer ### Parameter: `targetContainerName` Name of the target container. Must be specified if targetProtectionContainerId is not. If targetProtectionContainerId is specified, this parameter will be ignored. + - Required: No - Type: string - Default: `''` @@ -102,6 +111,7 @@ Name of the target container. Must be specified if targetProtectionContainerId i ### Parameter: `targetProtectionContainerId` Resource ID of the target Replication container. Must be specified if targetContainerName is not. If specified, targetContainerFabricName and targetContainerName will be ignored. + - Required: No - Type: string - Default: `''` diff --git a/modules/recovery-services/vault/replication-policy/README.md b/modules/recovery-services/vault/replication-policy/README.md index 5a36589e2b..d7b8fab197 100644 --- a/modules/recovery-services/vault/replication-policy/README.md +++ b/modules/recovery-services/vault/replication-policy/README.md @@ -41,9 +41,24 @@ This module deploys a Recovery Services Vault Replication Policy for Disaster Re | [`multiVmSyncStatus`](#parameter-multivmsyncstatus) | string | A value indicating whether multi-VM sync has to be enabled. | | [`recoveryPointHistory`](#parameter-recoverypointhistory) | int | The duration in minutes until which the recovery points need to be stored. | +### Parameter: `name` + +The name of the replication policy. + +- Required: Yes +- Type: string + +### Parameter: `recoveryVaultName` + +The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `appConsistentFrequencyInMinutes` The app consistent snapshot frequency (in minutes). + - Required: No - Type: int - Default: `60` @@ -51,6 +66,7 @@ The app consistent snapshot frequency (in minutes). ### Parameter: `crashConsistentFrequencyInMinutes` The crash consistent snapshot frequency (in minutes). + - Required: No - Type: int - Default: `5` @@ -58,6 +74,7 @@ The crash consistent snapshot frequency (in minutes). ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -65,6 +82,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `multiVmSyncStatus` A value indicating whether multi-VM sync has to be enabled. + - Required: No - Type: string - Default: `'Enable'` @@ -76,25 +94,14 @@ A value indicating whether multi-VM sync has to be enabled. ] ``` -### Parameter: `name` - -The name of the replication policy. -- Required: Yes -- Type: string - ### Parameter: `recoveryPointHistory` The duration in minutes until which the recovery points need to be stored. + - Required: No - Type: int - Default: `1440` -### Parameter: `recoveryVaultName` - -The name of the parent Azure Recovery Service Vault. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/relay/namespace/README.md b/modules/relay/namespace/README.md index 32864ab014..3bd4e855c5 100644 --- a/modules/relay/namespace/README.md +++ b/modules/relay/namespace/README.md @@ -783,9 +783,17 @@ module namespace 'br:bicep/modules/relay.namespace:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`wcfRelays`](#parameter-wcfrelays) | array | The wcf relays to create in the relay namespace. | +### Parameter: `name` + +Name of the Relay Namespace. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the Relay namespace. + - Required: No - Type: array - Default: @@ -805,114 +813,90 @@ Authorization Rules for the Relay namespace. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -920,6 +904,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -927,6 +912,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `hybridConnections` The hybrid connections to create in the relay namespace. + - Required: No - Type: array - Default: `[]` @@ -934,6 +920,7 @@ The hybrid connections to create in the relay namespace. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -941,39 +928,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Relay Namespace. -- Required: Yes -- Type: string - ### Parameter: `networkRuleSets` Configure networking options for Relay. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. + - Required: No - Type: object - Default: `{}` @@ -981,197 +972,247 @@ Configure networking options for Relay. This object contains IPs/Subnets to allo ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` -Optional. The name of the private endpoint. +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1179,74 +1220,96 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuName` Name of this SKU. + - Required: No - Type: string - Default: `'Standard'` @@ -1260,12 +1323,14 @@ Name of this SKU. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `wcfRelays` The wcf relays to create in the relay namespace. + - Required: No - Type: array - Default: `[]` diff --git a/modules/relay/namespace/authorization-rule/README.md b/modules/relay/namespace/authorization-rule/README.md index 468bfb15dc..f643f25c3c 100644 --- a/modules/relay/namespace/authorization-rule/README.md +++ b/modules/relay/namespace/authorization-rule/README.md @@ -36,28 +36,32 @@ This module deploys a Relay Namespace Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the authorization rule. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/relay/namespace/hybrid-connection/README.md b/modules/relay/namespace/hybrid-connection/README.md index 338d271c3d..a205695854 100644 --- a/modules/relay/namespace/hybrid-connection/README.md +++ b/modules/relay/namespace/hybrid-connection/README.md @@ -43,9 +43,31 @@ This module deploys a Relay Namespace Hybrid Connection. | [`requiresClientAuthorization`](#parameter-requiresclientauthorization) | bool | A value indicating if this hybrid connection requires client authorization. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | +### Parameter: `name` + +The name of the hybrid connection. + +- Required: Yes +- Type: string + +### Parameter: `userMetadata` + +The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. + +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the Relay Hybrid Connection. + - Required: No - Type: array - Default: @@ -77,6 +99,7 @@ Authorization Rules for the Relay Hybrid Connection. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -84,45 +107,43 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the hybrid connection. -- Required: Yes -- Type: string - -### Parameter: `namespaceName` - -The name of the parent Relay Namespace for the Relay Hybrid Connection. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `requiresClientAuthorization` A value indicating if this hybrid connection requires client authorization. + - Required: No - Type: bool - Default: `True` @@ -130,76 +151,91 @@ A value indicating if this hybrid connection requires client authorization. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `userMetadata` +### Parameter: `roleAssignments.principalType` -The user metadata is a placeholder to store user-defined string data for the hybrid connection endpoint. For example, it can be used to store descriptive data, such as a list of teams and their contact information. Also, user-defined configuration settings can be stored. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ## Outputs diff --git a/modules/relay/namespace/hybrid-connection/authorization-rule/README.md b/modules/relay/namespace/hybrid-connection/authorization-rule/README.md index 369f7fd917..37b834a50c 100644 --- a/modules/relay/namespace/hybrid-connection/authorization-rule/README.md +++ b/modules/relay/namespace/hybrid-connection/authorization-rule/README.md @@ -37,34 +37,39 @@ This module deploys a Hybrid Connection Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `name` -### Parameter: `hybridConnectionName` +The name of the authorization rule. -The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `name` +### Parameter: `hybridConnectionName` + +The name of the parent Relay Namespace Hybrid Connection. Required if the template is used in a standalone deployment. -The name of the authorization rule. - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/relay/namespace/network-rule-set/README.md b/modules/relay/namespace/network-rule-set/README.md index 6e4c2dcf28..d055e8ae60 100644 --- a/modules/relay/namespace/network-rule-set/README.md +++ b/modules/relay/namespace/network-rule-set/README.md @@ -32,9 +32,17 @@ This module deploys a Relay Namespace Network Rule Set. | [`ipRules`](#parameter-iprules) | array | List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | | [`publicNetworkAccess`](#parameter-publicnetworkaccess) | string | This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. | +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `defaultAction` Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. + - Required: No - Type: string - Default: `'Allow'` @@ -49,6 +57,7 @@ Default Action for Network Rule Set. Default is "Allow". It will not be set if p ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -56,19 +65,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ipRules` List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". + - Required: No - Type: array - Default: `[]` -### Parameter: `namespaceName` - -The name of the parent Relay Namespace for the Relay Network Rule Set. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. + - Required: No - Type: string - Default: `'Enabled'` diff --git a/modules/relay/namespace/wcf-relay/README.md b/modules/relay/namespace/wcf-relay/README.md index 9fd1f1fa89..ed68177d9a 100644 --- a/modules/relay/namespace/wcf-relay/README.md +++ b/modules/relay/namespace/wcf-relay/README.md @@ -45,9 +45,38 @@ This module deploys a Relay Namespace WCF Relay. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`userMetadata`](#parameter-usermetadata) | string | User-defined string data for the WCF Relay. | +### Parameter: `name` + +Name of the WCF Relay. + +- Required: Yes +- Type: string + +### Parameter: `relayType` + +Type of WCF Relay. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Http' + 'NetTcp' + ] + ``` + +### Parameter: `namespaceName` + +The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the WCF Relay. + - Required: No - Type: array - Default: @@ -79,6 +108,7 @@ Authorization Rules for the WCF Relay. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -86,58 +116,43 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the WCF Relay. -- Required: Yes -- Type: string - -### Parameter: `namespaceName` - -The name of the parent Relay Namespace for the WCF Relay. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `relayType` - -Type of WCF Relay. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Http' - 'NetTcp' - ] - ``` - ### Parameter: `requiresClientAuthorization` A value indicating if this relay requires client authorization. + - Required: No - Type: bool - Default: `True` @@ -145,6 +160,7 @@ A value indicating if this relay requires client authorization. ### Parameter: `requiresTransportSecurity` A value indicating if this relay requires transport security. + - Required: No - Type: bool - Default: `True` @@ -152,74 +168,96 @@ A value indicating if this relay requires transport security. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `userMetadata` User-defined string data for the WCF Relay. + - Required: No - Type: string - Default: `''` diff --git a/modules/relay/namespace/wcf-relay/authorization-rule/README.md b/modules/relay/namespace/wcf-relay/authorization-rule/README.md index 0cd03c7520..387de82c37 100644 --- a/modules/relay/namespace/wcf-relay/authorization-rule/README.md +++ b/modules/relay/namespace/wcf-relay/authorization-rule/README.md @@ -37,28 +37,39 @@ This module deploys a WCF Relay Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the authorization rule. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent Relay Namespace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `wcfRelayName` + +The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` @@ -71,12 +82,6 @@ The rights associated with the rule. ] ``` -### Parameter: `wcfRelayName` - -The name of the parent Relay Namespace WCF Relay. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/resource-graph/query/README.md b/modules/resource-graph/query/README.md index 6060bb18ea..7aeba279c1 100644 --- a/modules/resource-graph/query/README.md +++ b/modules/resource-graph/query/README.md @@ -295,9 +295,24 @@ module query 'br:bicep/modules/resource-graph.query:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Resource Graph Query. + +- Required: Yes +- Type: string + +### Parameter: `query` + +KQL query that will be graph. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -305,6 +320,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -312,45 +328,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Name of the Resource Graph Query. -- Required: Yes -- Type: string - -### Parameter: `query` - -KQL query that will be graph. -- Required: Yes -- Type: string - ### Parameter: `queryDescription` The description of a graph query. + - Required: No - Type: string - Default: `''` @@ -358,74 +372,96 @@ The description of a graph query. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/resources/deployment-script/README.md b/modules/resources/deployment-script/README.md index c29d1ede15..0b21b880f7 100644 --- a/modules/resources/deployment-script/README.md +++ b/modules/resources/deployment-script/README.md @@ -305,9 +305,17 @@ module deploymentScript 'br:bicep/modules/resources.deployment-script:1.0.0' = { | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to make sure the script run every time the template is deployed. | +### Parameter: `name` + +Display name of the script to be run. + +- Required: Yes +- Type: string + ### Parameter: `arguments` Command-line arguments to pass to the script. Arguments are separated by spaces. + - Required: No - Type: string - Default: `''` @@ -315,6 +323,7 @@ Command-line arguments to pass to the script. Arguments are separated by spaces. ### Parameter: `azCliVersion` Azure CLI module version to be used. + - Required: No - Type: string - Default: `''` @@ -322,20 +331,15 @@ Azure CLI module version to be used. ### Parameter: `azPowerShellVersion` Azure PowerShell module version to be used. -- Required: No -- Type: string -- Default: `'3.0'` -### Parameter: `baseTime` - -Do not provide a value! This date value is used to make sure the script run every time the template is deployed. - Required: No - Type: string -- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]` +- Default: `'3.0'` ### Parameter: `cleanupPreference` The clean up preference when the script execution gets in a terminal state. Specify the preference on when to delete the deployment script resources. The default value is Always, which means the deployment script resources are deleted despite the terminal state (Succeeded, Failed, canceled). + - Required: No - Type: string - Default: `'Always'` @@ -351,6 +355,7 @@ The clean up preference when the script execution gets in a terminal state. Spec ### Parameter: `containerGroupName` Container group name, if not specified then the name will get auto-generated. Not specifying a 'containerGroupName' indicates the system to generate a unique name which might end up flagging an Azure Policy as non-compliant. Use 'containerGroupName' when you have an Azure Policy that expects a specific naming convention or when you want to fully control the name. 'containerGroupName' property must be between 1 and 63 characters long, must contain only lowercase letters, numbers, and dashes and it cannot start or end with a dash and consecutive dashes are not allowed. + - Required: No - Type: string - Default: `''` @@ -358,6 +363,7 @@ Container group name, if not specified then the name will get auto-generated. No ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -365,6 +371,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `environmentVariables` The environment variables to pass over to the script. The list is passed as an object with a key name "secureList" and the value is the list of environment variables (array). The list must have a 'name' and a 'value' or a 'secretValue' property for each object. + - Required: No - Type: secureObject - Default: `{}` @@ -372,6 +379,7 @@ The environment variables to pass over to the script. The list is passed as an o ### Parameter: `kind` Type of the script. AzurePowerShell, AzureCLI. + - Required: No - Type: string - Default: `'AzurePowerShell'` @@ -386,6 +394,7 @@ Type of the script. AzurePowerShell, AzureCLI. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -393,26 +402,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -420,30 +438,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array -### Parameter: `name` - -Display name of the script to be run. -- Required: Yes -- Type: string - ### Parameter: `primaryScriptUri` Uri for the external script. This is the entry point for the external script. To run an internal script, use the scriptContent instead. + - Required: No - Type: string - Default: `''` @@ -451,6 +466,7 @@ Uri for the external script. This is the entry point for the external script. To ### Parameter: `retentionInterval` Interval for which the service retains the script resource after it reaches a terminal state. Resource will be deleted when this duration expires. Duration is based on ISO 8601 pattern (for example P7D means one week). + - Required: No - Type: string - Default: `'P1D'` @@ -458,6 +474,7 @@ Interval for which the service retains the script resource after it reaches a te ### Parameter: `runOnce` When set to false, script will run every time the template is deployed. When set to true, the script will only run once. + - Required: No - Type: bool - Default: `False` @@ -465,6 +482,7 @@ When set to false, script will run every time the template is deployed. When set ### Parameter: `scriptContent` Script body. Max length: 32000 characters. To run an external script, use primaryScriptURI instead. + - Required: No - Type: string - Default: `''` @@ -472,6 +490,7 @@ Script body. Max length: 32000 characters. To run an external script, use primar ### Parameter: `storageAccountResourceId` The resource ID of the storage account to use for this deployment script. If none is provided, the deployment script uses a temporary, managed storage account. + - Required: No - Type: string - Default: `''` @@ -479,6 +498,7 @@ The resource ID of the storage account to use for this deployment script. If non ### Parameter: `supportingScriptUris` List of supporting files for the external script (defined in primaryScriptUri). Does not work with internal scripts (code defined in scriptContent). + - Required: No - Type: array - Default: `[]` @@ -486,16 +506,26 @@ List of supporting files for the external script (defined in primaryScriptUri). ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `timeout` Maximum allowed script execution time specified in ISO 8601 format. Default value is PT1H - 1 hour; 'PT30M' - 30 minutes; 'P5D' - 5 days; 'P1Y' 1 year. + - Required: No - Type: string - Default: `'PT1H'` +### Parameter: `baseTime` + +Do not provide a value! This date value is used to make sure the script run every time the template is deployed. + +- Required: No +- Type: string +- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]` + ## Outputs diff --git a/modules/resources/resource-group/README.md b/modules/resources/resource-group/README.md index 7f77ff124e..3bd54c57d1 100644 --- a/modules/resources/resource-group/README.md +++ b/modules/resources/resource-group/README.md @@ -274,9 +274,17 @@ module resourceGroup 'br:bicep/modules/resources.resource-group:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the storage account resource. | +### Parameter: `name` + +The name of the Resource Group. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -284,6 +292,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location of the Resource Group. It uses the deployment's location when not provided. + - Required: No - Type: string - Default: `[deployment().location]` @@ -291,26 +300,35 @@ Location of the Resource Group. It uses the deployment's location when not provi ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -318,87 +336,104 @@ Optional. Specify the name of lock. ### Parameter: `managedBy` The ID of the resource that manages this resource group. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the Resource Group. -- Required: Yes -- Type: string - ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the storage account resource. + - Required: No - Type: object diff --git a/modules/resources/tags/README.md b/modules/resources/tags/README.md index c65be02ed4..e117c4ec48 100644 --- a/modules/resources/tags/README.md +++ b/modules/resources/tags/README.md @@ -195,6 +195,7 @@ module tags 'br:bicep/modules/resources.tags:1.0.0' = { ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -202,6 +203,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -209,6 +211,7 @@ Location deployment metadata. ### Parameter: `onlyUpdate` Instead of overwriting the existing tags, combine them with the new tags. + - Required: No - Type: bool - Default: `False` @@ -216,6 +219,7 @@ Instead of overwriting the existing tags, combine them with the new tags. ### Parameter: `resourceGroupName` Name of the Resource Group to assign the tags to. If no Resource Group name is provided, and Subscription ID is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. + - Required: No - Type: string - Default: `''` @@ -223,6 +227,7 @@ Name of the Resource Group to assign the tags to. If no Resource Group name is p ### Parameter: `subscriptionId` Subscription ID of the subscription to assign the tags to. If no Resource Group name is provided, the module deploys at subscription level, therefore assigns the provided tags to the subscription. + - Required: No - Type: string - Default: `[subscription().id]` @@ -230,6 +235,7 @@ Subscription ID of the subscription to assign the tags to. If no Resource Group ### Parameter: `tags` Tags for the resource group. If not provided, removes existing tags. + - Required: No - Type: object diff --git a/modules/resources/tags/resource-group/README.md b/modules/resources/tags/resource-group/README.md index a89c83c006..bb606d2fb6 100644 --- a/modules/resources/tags/resource-group/README.md +++ b/modules/resources/tags/resource-group/README.md @@ -28,6 +28,7 @@ This module deploys a Resource Tag on a Resource Group scope. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -35,6 +36,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `onlyUpdate` Instead of overwriting the existing tags, combine them with the new tags. + - Required: No - Type: bool - Default: `False` @@ -42,6 +44,7 @@ Instead of overwriting the existing tags, combine them with the new tags. ### Parameter: `tags` Tags for the resource group. If not provided, removes existing tags. + - Required: No - Type: object diff --git a/modules/resources/tags/subscription/README.md b/modules/resources/tags/subscription/README.md index 352c754d72..67ef585df7 100644 --- a/modules/resources/tags/subscription/README.md +++ b/modules/resources/tags/subscription/README.md @@ -29,6 +29,7 @@ This module deploys a Resource Tag on a Subscription scope. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -36,6 +37,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -43,6 +45,7 @@ Location deployment metadata. ### Parameter: `onlyUpdate` Instead of overwriting the existing tags, combine them with the new tags. + - Required: No - Type: bool - Default: `False` @@ -50,6 +53,7 @@ Instead of overwriting the existing tags, combine them with the new tags. ### Parameter: `tags` Tags for the resource group. If not provided, removes existing tags. + - Required: No - Type: object diff --git a/modules/search/search-service/README.md b/modules/search/search-service/README.md index e9fb57b2d2..ed4c89fdfc 100644 --- a/modules/search/search-service/README.md +++ b/modules/search/search-service/README.md @@ -622,9 +622,17 @@ module searchService 'br:bicep/modules/search.search-service:1.0.0' = { | [`sku`](#parameter-sku) | string | Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. | | [`tags`](#parameter-tags) | object | Tags to help categorize the resource in the Azure portal. | +### Parameter: `name` + +The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. + +- Required: Yes +- Type: string + ### Parameter: `authOptions` Defines the options for how the data plane API of a Search service authenticates requests. Must remain an empty object {} if 'disableLocalAuth' is set to true. + - Required: No - Type: object - Default: `{}` @@ -632,6 +640,7 @@ Defines the options for how the data plane API of a Search service authenticates ### Parameter: `cmkEnforcement` Describes a policy that determines how resources within the search service are to be encrypted with Customer Managed Keys. + - Required: No - Type: string - Default: `'Unspecified'` @@ -647,114 +656,90 @@ Describes a policy that determines how resources within the search service are t ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -762,6 +747,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAuth` When set to true, calls to the search service will not be permitted to utilize API keys for authentication. This cannot be set to true if 'authOptions' are defined. + - Required: No - Type: bool - Default: `True` @@ -769,6 +755,7 @@ When set to true, calls to the search service will not be permitted to utilize A ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -776,6 +763,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `hostingMode` Applicable only for the standard3 SKU. You can set this property to enable up to 3 high density partitions that allow up to 1000 indexes, which is much higher than the maximum indexes allowed for any other SKU. For the standard3 SKU, the value is either 'default' or 'highDensity'. For all other SKUs, this value must be 'default'. + - Required: No - Type: string - Default: `'default'` @@ -790,6 +778,7 @@ Applicable only for the standard3 SKU. You can set this property to enable up to ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -797,26 +786,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -824,30 +822,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool -### Parameter: `name` - -The name of the Azure Cognitive Search service to create or update. Search service names must only contain lowercase letters, digits or dashes, cannot use dash as the first two or last one characters, cannot contain consecutive dashes, and must be between 2 and 60 characters in length. Search service names must be globally unique since they are part of the service URI (https://.search.windows.net). You cannot change the service name after the service is created. -- Required: Yes -- Type: string - ### Parameter: `networkRuleSet` Network specific rules that determine how the Azure Cognitive Search service may be reached. + - Required: No - Type: object - Default: `{}` @@ -855,6 +850,7 @@ Network specific rules that determine how the Azure Cognitive Search service may ### Parameter: `partitionCount` The number of partitions in the search service; if specified, it can be 1, 2, 3, 4, 6, or 12. Values greater than 1 are only valid for standard SKUs. For 'standard3' services with hostingMode set to 'highDensity', the allowed values are between 1 and 3. + - Required: No - Type: int - Default: `1` @@ -862,197 +858,247 @@ The number of partitions in the search service; if specified, it can be 1, 2, 3, ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Optional. The name of the private endpoint. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1060,6 +1106,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` This value can be set to 'enabled' to avoid breaking changes on existing customer resources and templates. If set to 'disabled', traffic over public interface is not allowed, and private endpoint connections would be the exclusive access method. + - Required: No - Type: string - Default: `'enabled'` @@ -1074,6 +1121,7 @@ This value can be set to 'enabled' to avoid breaking changes on existing custome ### Parameter: `replicaCount` The number of replicas in the search service. If specified, it must be a value between 1 and 12 inclusive for standard SKUs or between 1 and 3 inclusive for basic SKU. + - Required: No - Type: int - Default: `1` @@ -1081,74 +1129,96 @@ The number of replicas in the search service. If specified, it must be a value b ### Parameter: `roleAssignments` Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The name of the role to assign. If it cannot be found you can specify the role definition ID instead. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The name of the role to assign. If it cannot be found you can specify the role definition ID instead. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sharedPrivateLinkResources` The sharedPrivateLinkResources to create as part of the search Service. + - Required: No - Type: array - Default: `[]` @@ -1156,6 +1226,7 @@ The sharedPrivateLinkResources to create as part of the search Service. ### Parameter: `sku` Defines the SKU of an Azure Cognitive Search Service, which determines price tier and capacity limits. + - Required: No - Type: string - Default: `'standard'` @@ -1175,6 +1246,7 @@ Defines the SKU of an Azure Cognitive Search Service, which determines price tie ### Parameter: `tags` Tags to help categorize the resource in the Azure portal. + - Required: No - Type: object diff --git a/modules/search/search-service/shared-private-link-resource/README.md b/modules/search/search-service/shared-private-link-resource/README.md index 1edd330b70..3b9b383a8b 100644 --- a/modules/search/search-service/shared-private-link-resource/README.md +++ b/modules/search/search-service/shared-private-link-resource/README.md @@ -39,50 +39,57 @@ This module deploys a Search Service Private Link Resource. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | | [`resourceRegion`](#parameter-resourceregion) | string | Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via the Customer Usage Attribution ID (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `groupId` The group ID from the provider of resource the shared private link resource is for. + - Required: Yes - Type: string ### Parameter: `name` The name of the shared private link resource managed by the Azure Cognitive Search service within the specified resource group. + - Required: Yes - Type: string ### Parameter: `privateLinkResourceId` The resource ID of the resource the shared private link resource is for. + - Required: Yes - Type: string ### Parameter: `requestMessage` The request message for requesting approval of the shared private link resource. + - Required: Yes - Type: string +### Parameter: `searchServiceName` + +The name of the parent searchServices. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `resourceRegion` Can be used to specify the Azure Resource Manager location of the resource to which a shared private link is to be created. This is only required for those resources whose DNS configuration are regional (such as Azure Kubernetes Service). + - Required: No - Type: string - Default: `''` -### Parameter: `searchServiceName` - -The name of the parent searchServices. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/security/azure-security-center/README.md b/modules/security/azure-security-center/README.md index f3a67e036f..99689ad43b 100644 --- a/modules/security/azure-security-center/README.md +++ b/modules/security/azure-security-center/README.md @@ -190,9 +190,24 @@ module azureSecurityCenter 'br:bicep/modules/security.azure-security-center:1.0. | [`storageAccountsPricingTier`](#parameter-storageaccountspricingtier) | string | The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | | [`virtualMachinesPricingTier`](#parameter-virtualmachinespricingtier) | string | The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. | +### Parameter: `scope` + +All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. + +- Required: Yes +- Type: string + +### Parameter: `workspaceId` + +The full Azure ID of the workspace to save the data in. + +- Required: Yes +- Type: string + ### Parameter: `appServicesPricingTier` The pricing tier value for AppServices. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -207,6 +222,7 @@ The pricing tier value for AppServices. Azure Security Center is provided in two ### Parameter: `armPricingTier` The pricing tier value for ARM. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -221,6 +237,7 @@ The pricing tier value for ARM. Azure Security Center is provided in two pricing ### Parameter: `autoProvision` Describes what kind of security agent provisioning action to take. - On or Off. + - Required: No - Type: string - Default: `'On'` @@ -235,6 +252,7 @@ Describes what kind of security agent provisioning action to take. - On or Off. ### Parameter: `containerRegistryPricingTier` The pricing tier value for ContainerRegistry. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -249,6 +267,7 @@ The pricing tier value for ContainerRegistry. Azure Security Center is provided ### Parameter: `containersTier` The pricing tier value for containers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -263,6 +282,7 @@ The pricing tier value for containers. Azure Security Center is provided in two ### Parameter: `cosmosDbsTier` The pricing tier value for CosmosDbs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -277,6 +297,7 @@ The pricing tier value for CosmosDbs. Azure Security Center is provided in two p ### Parameter: `deviceSecurityGroupProperties` Device Security group data. + - Required: No - Type: object - Default: `{}` @@ -284,6 +305,7 @@ Device Security group data. ### Parameter: `dnsPricingTier` The pricing tier value for DNS. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -298,6 +320,7 @@ The pricing tier value for DNS. Azure Security Center is provided in two pricing ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -305,6 +328,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ioTSecuritySolutionProperties` Security Solution data. + - Required: No - Type: object - Default: `{}` @@ -312,6 +336,7 @@ Security Solution data. ### Parameter: `keyVaultsPricingTier` The pricing tier value for KeyVaults. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -326,6 +351,7 @@ The pricing tier value for KeyVaults. Azure Security Center is provided in two p ### Parameter: `kubernetesServicePricingTier` The pricing tier value for KubernetesService. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -340,6 +366,7 @@ The pricing tier value for KubernetesService. Azure Security Center is provided ### Parameter: `location` Location deployment metadata. + - Required: No - Type: string - Default: `[deployment().location]` @@ -347,6 +374,7 @@ Location deployment metadata. ### Parameter: `openSourceRelationalDatabasesTier` The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -358,15 +386,10 @@ The pricing tier value for OpenSourceRelationalDatabases. Azure Security Center ] ``` -### Parameter: `scope` - -All the VMs in this scope will send their security data to the mentioned workspace unless overridden by a setting with more specific scope. -- Required: Yes -- Type: string - ### Parameter: `securityContactProperties` Security contact data. + - Required: No - Type: object - Default: `{}` @@ -374,6 +397,7 @@ Security contact data. ### Parameter: `sqlServersPricingTier` The pricing tier value for SqlServers. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -388,6 +412,7 @@ The pricing tier value for SqlServers. Azure Security Center is provided in two ### Parameter: `sqlServerVirtualMachinesPricingTier` The pricing tier value for SqlServerVirtualMachines. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -402,6 +427,7 @@ The pricing tier value for SqlServerVirtualMachines. Azure Security Center is pr ### Parameter: `storageAccountsPricingTier` The pricing tier value for StorageAccounts. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -416,6 +442,7 @@ The pricing tier value for StorageAccounts. Azure Security Center is provided in ### Parameter: `virtualMachinesPricingTier` The pricing tier value for VMs. Azure Security Center is provided in two pricing tiers: free and standard, with the standard tier available with a trial period. The standard tier offers advanced security capabilities, while the free tier offers basic security features. - Free or Standard. + - Required: No - Type: string - Default: `'Free'` @@ -427,12 +454,6 @@ The pricing tier value for VMs. Azure Security Center is provided in two pricing ] ``` -### Parameter: `workspaceId` - -The full Azure ID of the workspace to save the data in. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/service-bus/namespace/README.md b/modules/service-bus/namespace/README.md index 5c16abffb6..a2fbd72ba2 100644 --- a/modules/service-bus/namespace/README.md +++ b/modules/service-bus/namespace/README.md @@ -1203,9 +1203,17 @@ module namespace 'br:bicep/modules/service-bus.namespace:1.0.0' = { | [`topics`](#parameter-topics) | array | The topics to create in the service bus namespace. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. | +### Parameter: `name` + +Name of the Service Bus Namespace. + +- Required: Yes +- Type: string + ### Parameter: `alternateName` Alternate name for namespace. + - Required: No - Type: string - Default: `''` @@ -1213,6 +1221,7 @@ Alternate name for namespace. ### Parameter: `authorizationRules` Authorization Rules for the Service Bus namespace. + - Required: No - Type: array - Default: @@ -1232,41 +1241,48 @@ Authorization Rules for the Service Bus namespace. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -1274,114 +1290,90 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1389,6 +1381,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `disableLocalAuth` This property disables SAS authentication for the Service Bus namespace. + - Required: No - Type: bool - Default: `True` @@ -1396,6 +1389,7 @@ This property disables SAS authentication for the Service Bus namespace. ### Parameter: `disasterRecoveryConfigs` The disaster recovery configuration. + - Required: No - Type: object - Default: `{}` @@ -1403,6 +1397,7 @@ The disaster recovery configuration. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1410,6 +1405,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1417,26 +1413,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1444,25 +1449,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1470,6 +1477,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `migrationConfigurations` The migration configuration. + - Required: No - Type: object - Default: `{}` @@ -1477,6 +1485,7 @@ The migration configuration. ### Parameter: `minimumTlsVersion` The minimum TLS version for the cluster to support. + - Required: No - Type: string - Default: `'1.2'` @@ -1489,15 +1498,10 @@ The minimum TLS version for the cluster to support. ] ``` -### Parameter: `name` - -Name of the Service Bus Namespace. -- Required: Yes -- Type: string - ### Parameter: `networkRuleSets` Configure networking options for Premium SKU Service Bus. This object contains IPs/Subnets to allow or restrict access to private endpoints only. For security reasons, it is recommended to configure this object on the Namespace. + - Required: No - Type: object - Default: `{}` @@ -1505,6 +1509,7 @@ Configure networking options for Premium SKU Service Bus. This object contains I ### Parameter: `premiumMessagingPartitions` The number of partitions of a Service Bus namespace. This property is only applicable to Premium SKU namespaces. The default value is 1 and possible values are 1, 2 and 4. + - Required: No - Type: int - Default: `1` @@ -1512,197 +1517,247 @@ The number of partitions of a Service Bus namespace. This property is only appli ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1710,6 +1765,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1726,6 +1782,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `queues` The queues to create in the service bus namespace. + - Required: No - Type: array - Default: `[]` @@ -1733,6 +1790,7 @@ The queues to create in the service bus namespace. ### Parameter: `requireInfrastructureEncryption` Enable infrastructure encryption (double encryption). Note, this setting requires the configuration of Customer-Managed-Keys (CMK) via the corresponding module parameters. + - Required: No - Type: bool - Default: `True` @@ -1740,74 +1798,96 @@ Enable infrastructure encryption (double encryption). Note, this setting require ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `skuCapacity` The specified messaging units for the tier. Only used for Premium Sku tier. + - Required: No - Type: int - Default: `1` @@ -1826,6 +1906,7 @@ The specified messaging units for the tier. Only used for Premium Sku tier. ### Parameter: `skuName` Name of this SKU. - Basic, Standard, Premium. + - Required: No - Type: string - Default: `'Basic'` @@ -1841,12 +1922,14 @@ Name of this SKU. - Basic, Standard, Premium. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `topics` The topics to create in the service bus namespace. + - Required: No - Type: array - Default: `[]` @@ -1854,6 +1937,7 @@ The topics to create in the service bus namespace. ### Parameter: `zoneRedundant` Enabling this property creates a Premium Service Bus Namespace in regions supported availability zones. + - Required: No - Type: bool - Default: `False` diff --git a/modules/service-bus/namespace/authorization-rule/README.md b/modules/service-bus/namespace/authorization-rule/README.md index 6596ebe9bf..3df8ec2c40 100644 --- a/modules/service-bus/namespace/authorization-rule/README.md +++ b/modules/service-bus/namespace/authorization-rule/README.md @@ -36,28 +36,32 @@ This module deploys a Service Bus Namespace Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the authorization rule. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/service-bus/namespace/disaster-recovery-config/README.md b/modules/service-bus/namespace/disaster-recovery-config/README.md index f018bb7277..a69152b008 100644 --- a/modules/service-bus/namespace/disaster-recovery-config/README.md +++ b/modules/service-bus/namespace/disaster-recovery-config/README.md @@ -32,9 +32,17 @@ This module deploys a Service Bus Namespace Disaster Recovery Config | [`name`](#parameter-name) | string | The name of the disaster recovery config. | | [`partnerNamespaceResourceID`](#parameter-partnernamespaceresourceid) | string | Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. | +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `alternateName` Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. + - Required: No - Type: string - Default: `''` @@ -42,6 +50,7 @@ Primary/Secondary eventhub namespace name, which is part of GEO DR pairing. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -49,19 +58,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` The name of the disaster recovery config. + - Required: No - Type: string - Default: `'default'` -### Parameter: `namespaceName` - -The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `partnerNamespaceResourceID` Resource ID of the Primary/Secondary event hub namespace name, which is part of GEO DR pairing. + - Required: No - Type: string - Default: `''` diff --git a/modules/service-bus/namespace/migration-configuration/README.md b/modules/service-bus/namespace/migration-configuration/README.md index 26b9a9b0dd..32ce1391b2 100644 --- a/modules/service-bus/namespace/migration-configuration/README.md +++ b/modules/service-bus/namespace/migration-configuration/README.md @@ -36,31 +36,35 @@ This module deploys a Service Bus Namespace Migration Configuration. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +### Parameter: `postMigrationName` -### Parameter: `namespaceName` +Name to access Standard Namespace after migration. -The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `postMigrationName` +### Parameter: `targetNamespaceResourceId` + +Existing premium Namespace resource ID which has no entities, will be used for migration. -Name to access Standard Namespace after migration. - Required: Yes - Type: string -### Parameter: `targetNamespaceResourceId` +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. -Existing premium Namespace resource ID which has no entities, will be used for migration. - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/service-bus/namespace/network-rule-set/README.md b/modules/service-bus/namespace/network-rule-set/README.md index 86f7241c3b..18214d606d 100644 --- a/modules/service-bus/namespace/network-rule-set/README.md +++ b/modules/service-bus/namespace/network-rule-set/README.md @@ -34,9 +34,17 @@ This module deploys a ServiceBus Namespace Network Rule Set. | [`trustedServiceAccessEnabled`](#parameter-trustedserviceaccessenabled) | bool | Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". | | [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | List virtual network rules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". | +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Network Rule Set. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `defaultAction` Default Action for Network Rule Set. Default is "Allow". It will not be set if publicNetworkAccess is "Disabled". Otherwise, it will be set to "Deny" if ipRules or virtualNetworkRules are being used. + - Required: No - Type: string - Default: `'Allow'` @@ -51,6 +59,7 @@ Default Action for Network Rule Set. Default is "Allow". It will not be set if p ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -58,19 +67,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ipRules` List of IpRules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". + - Required: No - Type: array - Default: `[]` -### Parameter: `namespaceName` - -The name of the parent Service Bus Namespace for the Service Bus Network Rule Set. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `publicNetworkAccess` This determines if traffic is allowed over public network. Default is "Enabled". If set to "Disabled", traffic to this namespace will be restricted over Private Endpoints only and network rules will not be applied. + - Required: No - Type: string - Default: `'Enabled'` @@ -85,6 +90,7 @@ This determines if traffic is allowed over public network. Default is "Enabled". ### Parameter: `trustedServiceAccessEnabled` Value that indicates whether Trusted Service Access is enabled or not. Default is "true". It will not be set if publicNetworkAccess is "Disabled". + - Required: No - Type: bool - Default: `True` @@ -92,6 +98,7 @@ Value that indicates whether Trusted Service Access is enabled or not. Default i ### Parameter: `virtualNetworkRules` List virtual network rules. It will not be set if publicNetworkAccess is "Disabled". Otherwise, when used, defaultAction will be set to "Deny". + - Required: No - Type: array - Default: `[]` diff --git a/modules/service-bus/namespace/queue/README.md b/modules/service-bus/namespace/queue/README.md index 852c05c23f..f9c6d2da7a 100644 --- a/modules/service-bus/namespace/queue/README.md +++ b/modules/service-bus/namespace/queue/README.md @@ -57,9 +57,24 @@ This module deploys a Service Bus Namespace Queue. | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`status`](#parameter-status) | string | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | +### Parameter: `name` + +Name of the Service Bus Queue. + +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the Service Bus Queue. + - Required: No - Type: array - Default: @@ -81,6 +96,7 @@ Authorization Rules for the Service Bus Queue. ### Parameter: `autoDeleteOnIdle` ISO 8061 timeSpan idle interval after which the queue is automatically deleted. The minimum duration is 5 minutes (PT5M). + - Required: No - Type: string - Default: `''` @@ -88,6 +104,7 @@ ISO 8061 timeSpan idle interval after which the queue is automatically deleted. ### Parameter: `deadLetteringOnMessageExpiration` A value that indicates whether this queue has dead letter support when a message expires. + - Required: No - Type: bool - Default: `True` @@ -95,6 +112,7 @@ A value that indicates whether this queue has dead letter support when a message ### Parameter: `defaultMessageTimeToLive` ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. + - Required: No - Type: string - Default: `'P14D'` @@ -102,6 +120,7 @@ ISO 8601 default message timespan to live value. This is the duration after whic ### Parameter: `duplicateDetectionHistoryTimeWindow` ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. + - Required: No - Type: string - Default: `'PT10M'` @@ -109,6 +128,7 @@ ISO 8601 timeSpan structure that defines the duration of the duplicate detection ### Parameter: `enableBatchedOperations` Value that indicates whether server-side batched operations are enabled. + - Required: No - Type: bool - Default: `True` @@ -116,6 +136,7 @@ Value that indicates whether server-side batched operations are enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -123,6 +144,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableExpress` A value that indicates whether Express Entities are enabled. An express queue holds a message in memory temporarily before writing it to persistent storage. + - Required: No - Type: bool - Default: `False` @@ -130,6 +152,7 @@ A value that indicates whether Express Entities are enabled. An express queue ho ### Parameter: `enablePartitioning` A value that indicates whether the queue is to be partitioned across multiple message brokers. + - Required: No - Type: bool - Default: `False` @@ -137,6 +160,7 @@ A value that indicates whether the queue is to be partitioned across multiple me ### Parameter: `forwardDeadLetteredMessagesTo` Queue/Topic name to forward the Dead Letter message. + - Required: No - Type: string - Default: `''` @@ -144,6 +168,7 @@ Queue/Topic name to forward the Dead Letter message. ### Parameter: `forwardTo` Queue/Topic name to forward the messages. + - Required: No - Type: string - Default: `''` @@ -151,26 +176,35 @@ Queue/Topic name to forward the messages. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -178,6 +212,7 @@ Optional. Specify the name of lock. ### Parameter: `lockDuration` ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the message is locked for other receivers. The maximum value for LockDuration is 5 minutes; the default value is 1 minute. + - Required: No - Type: string - Default: `'PT1M'` @@ -185,6 +220,7 @@ ISO 8601 timespan duration of a peek-lock; that is, the amount of time that the ### Parameter: `maxDeliveryCount` The maximum delivery count. A message is automatically deadlettered after this number of deliveries. default value is 10. + - Required: No - Type: int - Default: `10` @@ -192,6 +228,7 @@ The maximum delivery count. A message is automatically deadlettered after this n ### Parameter: `maxMessageSizeInKilobytes` Maximum size (in KB) of the message payload that can be accepted by the queue. This property is only used in Premium today and default is 1024. + - Required: No - Type: int - Default: `1024` @@ -199,25 +236,15 @@ Maximum size (in KB) of the message payload that can be accepted by the queue. T ### Parameter: `maxSizeInMegabytes` The maximum size of the queue in megabytes, which is the size of memory allocated for the queue. Default is 1024. + - Required: No - Type: int - Default: `1024` -### Parameter: `name` - -Name of the Service Bus Queue. -- Required: Yes -- Type: string - -### Parameter: `namespaceName` - -The name of the parent Service Bus Namespace for the Service Bus Queue. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `requiresDuplicateDetection` A value indicating if this queue requires duplicate detection. + - Required: No - Type: bool - Default: `False` @@ -225,6 +252,7 @@ A value indicating if this queue requires duplicate detection. ### Parameter: `requiresSession` A value that indicates whether the queue supports the concept of sessions. + - Required: No - Type: bool - Default: `False` @@ -232,74 +260,96 @@ A value that indicates whether the queue supports the concept of sessions. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `status` Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. + - Required: No - Type: string - Default: `'Active'` diff --git a/modules/service-bus/namespace/queue/authorization-rule/README.md b/modules/service-bus/namespace/queue/authorization-rule/README.md index c607332987..85306aedc9 100644 --- a/modules/service-bus/namespace/queue/authorization-rule/README.md +++ b/modules/service-bus/namespace/queue/authorization-rule/README.md @@ -37,34 +37,39 @@ This module deploys a Service Bus Namespace Queue Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the service bus namepace queue. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `queueName` The name of the parent Service Bus Namespace Queue. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` diff --git a/modules/service-bus/namespace/topic/README.md b/modules/service-bus/namespace/topic/README.md index 69c13d5acf..f81f109519 100644 --- a/modules/service-bus/namespace/topic/README.md +++ b/modules/service-bus/namespace/topic/README.md @@ -52,9 +52,24 @@ This module deploys a Service Bus Namespace Topic. | [`status`](#parameter-status) | string | Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. | | [`supportOrdering`](#parameter-supportordering) | bool | Value that indicates whether the topic supports ordering. | +### Parameter: `name` + +Name of the Service Bus Topic. + +- Required: Yes +- Type: string + +### Parameter: `namespaceName` + +The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `authorizationRules` Authorization Rules for the Service Bus Topic. + - Required: No - Type: array - Default: @@ -76,6 +91,7 @@ Authorization Rules for the Service Bus Topic. ### Parameter: `autoDeleteOnIdle` ISO 8601 timespan idle interval after which the topic is automatically deleted. The minimum duration is 5 minutes. + - Required: No - Type: string - Default: `'PT5M'` @@ -83,6 +99,7 @@ ISO 8601 timespan idle interval after which the topic is automatically deleted. ### Parameter: `defaultMessageTimeToLive` ISO 8601 default message timespan to live value. This is the duration after which the message expires, starting from when the message is sent to Service Bus. This is the default value used when TimeToLive is not set on a message itself. + - Required: No - Type: string - Default: `'P14D'` @@ -90,6 +107,7 @@ ISO 8601 default message timespan to live value. This is the duration after whic ### Parameter: `duplicateDetectionHistoryTimeWindow` ISO 8601 timeSpan structure that defines the duration of the duplicate detection history. The default value is 10 minutes. + - Required: No - Type: string - Default: `'PT10M'` @@ -97,6 +115,7 @@ ISO 8601 timeSpan structure that defines the duration of the duplicate detection ### Parameter: `enableBatchedOperations` Value that indicates whether server-side batched operations are enabled. + - Required: No - Type: bool - Default: `True` @@ -104,6 +123,7 @@ Value that indicates whether server-side batched operations are enabled. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -111,6 +131,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableExpress` A value that indicates whether Express Entities are enabled. An express topic holds a message in memory temporarily before writing it to persistent storage. + - Required: No - Type: bool - Default: `False` @@ -118,6 +139,7 @@ A value that indicates whether Express Entities are enabled. An express topic ho ### Parameter: `enablePartitioning` A value that indicates whether the topic is to be partitioned across multiple message brokers. + - Required: No - Type: bool - Default: `False` @@ -125,26 +147,35 @@ A value that indicates whether the topic is to be partitioned across multiple me ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -152,6 +183,7 @@ Optional. Specify the name of lock. ### Parameter: `maxMessageSizeInKilobytes` Maximum size (in KB) of the message payload that can be accepted by the topic. This property is only used in Premium today and default is 1024. + - Required: No - Type: int - Default: `1024` @@ -159,25 +191,15 @@ Maximum size (in KB) of the message payload that can be accepted by the topic. T ### Parameter: `maxSizeInMegabytes` The maximum size of the topic in megabytes, which is the size of memory allocated for the topic. Default is 1024. + - Required: No - Type: int - Default: `1024` -### Parameter: `name` - -Name of the Service Bus Topic. -- Required: Yes -- Type: string - -### Parameter: `namespaceName` - -The name of the parent Service Bus Namespace for the Service Bus Topic. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `requiresDuplicateDetection` A value indicating if this topic requires duplicate detection. + - Required: No - Type: bool - Default: `False` @@ -185,74 +207,96 @@ A value indicating if this topic requires duplicate detection. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `status` Enumerates the possible values for the status of a messaging entity. - Active, Disabled, Restoring, SendDisabled, ReceiveDisabled, Creating, Deleting, Renaming, Unknown. + - Required: No - Type: string - Default: `'Active'` @@ -274,6 +318,7 @@ Enumerates the possible values for the status of a messaging entity. - Active, D ### Parameter: `supportOrdering` Value that indicates whether the topic supports ordering. + - Required: No - Type: bool - Default: `False` diff --git a/modules/service-bus/namespace/topic/authorization-rule/README.md b/modules/service-bus/namespace/topic/authorization-rule/README.md index 583c624576..c235204944 100644 --- a/modules/service-bus/namespace/topic/authorization-rule/README.md +++ b/modules/service-bus/namespace/topic/authorization-rule/README.md @@ -37,28 +37,39 @@ This module deploys a Service Bus Namespace Topic Authorization Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`rights`](#parameter-rights) | array | The rights associated with the rule. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the service bus namespace topic. + - Required: Yes - Type: string ### Parameter: `namespaceName` The name of the parent Service Bus Namespace. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `topicName` + +The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `rights` The rights associated with the rule. + - Required: No - Type: array - Default: `[]` @@ -71,12 +82,6 @@ The rights associated with the rule. ] ``` -### Parameter: `topicName` - -The name of the parent Service Bus Namespace Topic. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/service-fabric/cluster/README.md b/modules/service-fabric/cluster/README.md index 15c49a3dcc..1cad50d156 100644 --- a/modules/service-fabric/cluster/README.md +++ b/modules/service-fabric/cluster/README.md @@ -1115,9 +1115,48 @@ module cluster 'br:bicep/modules/service-fabric.cluster:1.0.0' = { | [`vmssZonalUpgradeMode`](#parameter-vmsszonalupgrademode) | string | This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added. | | [`waveUpgradePaused`](#parameter-waveupgradepaused) | bool | Boolean to pause automatic runtime version upgrades to the cluster. | +### Parameter: `managementEndpoint` + +The http management endpoint of the cluster. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Name of the Service Fabric cluster. + +- Required: Yes +- Type: string + +### Parameter: `nodeTypes` + +The list of node types in the cluster. + +- Required: Yes +- Type: array + +### Parameter: `reliabilityLevel` + +The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'Bronze' + 'Gold' + 'None' + 'Platinum' + 'Silver' + ] + ``` + ### Parameter: `addOnFeatures` The list of add-on features to enable in the cluster. + - Required: No - Type: array - Default: `[]` @@ -1134,6 +1173,7 @@ The list of add-on features to enable in the cluster. ### Parameter: `applicationTypes` Array of Service Fabric cluster application types. + - Required: No - Type: array - Default: `[]` @@ -1141,6 +1181,7 @@ Array of Service Fabric cluster application types. ### Parameter: `azureActiveDirectory` The settings to enable AAD authentication on the cluster. + - Required: No - Type: object - Default: `{}` @@ -1148,6 +1189,7 @@ The settings to enable AAD authentication on the cluster. ### Parameter: `certificate` Describes the certificate details like thumbprint of the primary certificate, thumbprint of the secondary certificate and the local certificate store location. + - Required: No - Type: object - Default: `{}` @@ -1155,6 +1197,7 @@ Describes the certificate details like thumbprint of the primary certificate, th ### Parameter: `certificateCommonNames` Describes a list of server certificates referenced by common name that are used to secure the cluster. + - Required: No - Type: object - Default: `{}` @@ -1162,6 +1205,7 @@ Describes a list of server certificates referenced by common name that are used ### Parameter: `clientCertificateCommonNames` The list of client certificates referenced by common name that are allowed to manage the cluster. + - Required: No - Type: array - Default: `[]` @@ -1169,6 +1213,7 @@ The list of client certificates referenced by common name that are allowed to ma ### Parameter: `clientCertificateThumbprints` The list of client certificates referenced by thumbprint that are allowed to manage the cluster. + - Required: No - Type: array - Default: `[]` @@ -1176,6 +1221,7 @@ The list of client certificates referenced by thumbprint that are allowed to man ### Parameter: `clusterCodeVersion` The Service Fabric runtime version of the cluster. This property can only by set the user when upgradeMode is set to "Manual". To get list of available Service Fabric versions for new clusters use ClusterVersion API. To get the list of available version for existing clusters use availableClusterVersions. + - Required: No - Type: string - Default: `''` @@ -1183,6 +1229,7 @@ The Service Fabric runtime version of the cluster. This property can only by set ### Parameter: `diagnosticsStorageAccountConfig` The storage account information for storing Service Fabric diagnostic logs. + - Required: No - Type: object - Default: `{}` @@ -1190,6 +1237,7 @@ The storage account information for storing Service Fabric diagnostic logs. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1197,6 +1245,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `eventStoreServiceEnabled` Indicates if the event store service is enabled. + - Required: No - Type: bool - Default: `False` @@ -1204,6 +1253,7 @@ Indicates if the event store service is enabled. ### Parameter: `fabricSettings` The list of custom fabric settings to configure the cluster. + - Required: No - Type: array - Default: `[]` @@ -1211,6 +1261,7 @@ The list of custom fabric settings to configure the cluster. ### Parameter: `infrastructureServiceManager` Indicates if infrastructure service manager is enabled. + - Required: No - Type: bool - Default: `False` @@ -1218,6 +1269,7 @@ Indicates if infrastructure service manager is enabled. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1225,81 +1277,59 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `managementEndpoint` - -The http management endpoint of the cluster. -- Required: Yes -- Type: string - ### Parameter: `maxUnusedVersionsToKeep` Number of unused versions per application type to keep. + - Required: No - Type: int - Default: `3` -### Parameter: `name` - -Name of the Service Fabric cluster. -- Required: Yes -- Type: string - -### Parameter: `nodeTypes` - -The list of node types in the cluster. -- Required: Yes -- Type: array - ### Parameter: `notifications` Indicates a list of notification channels for cluster events. + - Required: No - Type: array - Default: `[]` -### Parameter: `reliabilityLevel` - -The reliability level sets the replica set size of system services. Learn about ReliabilityLevel (https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-cluster-capacity). - None - Run the System services with a target replica set count of 1. This should only be used for test clusters. - Bronze - Run the System services with a target replica set count of 3. This should only be used for test clusters. - Silver - Run the System services with a target replica set count of 5. - Gold - Run the System services with a target replica set count of 7. - Platinum - Run the System services with a target replica set count of 9. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'Bronze' - 'Gold' - 'None' - 'Platinum' - 'Silver' - ] - ``` - ### Parameter: `reverseProxyCertificate` Describes the certificate details. + - Required: No - Type: object - Default: `{}` @@ -1307,6 +1337,7 @@ Describes the certificate details. ### Parameter: `reverseProxyCertificateCommonNames` Describes a list of server certificates referenced by common name that are used to secure the cluster. + - Required: No - Type: object - Default: `{}` @@ -1314,74 +1345,96 @@ Describes a list of server certificates referenced by common name that are used ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sfZonalUpgradeMode` This property controls the logical grouping of VMs in upgrade domains (UDs). This property cannot be modified if a node type with multiple Availability Zones is already present in the cluster. + - Required: No - Type: string - Default: `'Hierarchical'` @@ -1396,12 +1449,14 @@ This property controls the logical grouping of VMs in upgrade domains (UDs). Thi ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `upgradeDescription` Describes the policy used when upgrading the cluster. + - Required: No - Type: object - Default: `{}` @@ -1409,6 +1464,7 @@ Describes the policy used when upgrading the cluster. ### Parameter: `upgradeMode` The upgrade mode of the cluster when new Service Fabric runtime version is available. + - Required: No - Type: string - Default: `'Automatic'` @@ -1423,6 +1479,7 @@ The upgrade mode of the cluster when new Service Fabric runtime version is avail ### Parameter: `upgradePauseEndTimestampUtc` Indicates the end date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). + - Required: No - Type: string - Default: `''` @@ -1430,6 +1487,7 @@ Indicates the end date and time to pause automatic runtime version upgrades on t ### Parameter: `upgradePauseStartTimestampUtc` Indicates the start date and time to pause automatic runtime version upgrades on the cluster for an specific period of time on the cluster (UTC). + - Required: No - Type: string - Default: `''` @@ -1437,6 +1495,7 @@ Indicates the start date and time to pause automatic runtime version upgrades on ### Parameter: `upgradeWave` Indicates when new cluster runtime version upgrades will be applied after they are released. By default is Wave0. + - Required: No - Type: string - Default: `'Wave0'` @@ -1452,6 +1511,7 @@ Indicates when new cluster runtime version upgrades will be applied after they a ### Parameter: `vmImage` The VM image VMSS has been configured with. Generic names such as Windows or Linux can be used. + - Required: No - Type: string - Default: `''` @@ -1459,6 +1519,7 @@ The VM image VMSS has been configured with. Generic names such as Windows or Lin ### Parameter: `vmssZonalUpgradeMode` This property defines the upgrade mode for the virtual machine scale set, it is mandatory if a node type with multiple Availability Zones is added. + - Required: No - Type: string - Default: `'Hierarchical'` @@ -1473,6 +1534,7 @@ This property defines the upgrade mode for the virtual machine scale set, it is ### Parameter: `waveUpgradePaused` Boolean to pause automatic runtime version upgrades to the cluster. + - Required: No - Type: bool - Default: `False` diff --git a/modules/service-fabric/cluster/application-type/README.md b/modules/service-fabric/cluster/application-type/README.md index 41f0879037..c2334d1daa 100644 --- a/modules/service-fabric/cluster/application-type/README.md +++ b/modules/service-fabric/cluster/application-type/README.md @@ -31,9 +31,17 @@ This module deploys a Service Fabric Cluster Application Type. | [`name`](#parameter-name) | string | Application type name. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `serviceFabricClusterName` + +The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -41,19 +49,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` Application type name. + - Required: No - Type: string - Default: `'defaultApplicationType'` -### Parameter: `serviceFabricClusterName` - -The name of the parent Service Fabric cluster. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/signal-r-service/signal-r/README.md b/modules/signal-r-service/signal-r/README.md index a50cb51919..94f615ac14 100644 --- a/modules/signal-r-service/signal-r/README.md +++ b/modules/signal-r-service/signal-r/README.md @@ -497,9 +497,17 @@ module signalR 'br:bicep/modules/signal-r-service.signal-r:1.0.0' = { | [`tags`](#parameter-tags) | object | The tags of the resource. | | [`upstreamTemplatesToEnable`](#parameter-upstreamtemplatestoenable) | array | Upstream templates to enable. For more information, see https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2022-02-01/signalr?pivots=deployment-language-bicep#upstreamtemplate. | +### Parameter: `name` + +The name of the SignalR Service resource. + +- Required: Yes +- Type: string + ### Parameter: `allowedOrigins` The allowed origin settings of the resource. + - Required: No - Type: array - Default: @@ -512,6 +520,7 @@ The allowed origin settings of the resource. ### Parameter: `capacity` The unit count of the resource. + - Required: No - Type: int - Default: `1` @@ -519,6 +528,7 @@ The unit count of the resource. ### Parameter: `clientCertEnabled` Request client certificate during TLS handshake if enabled. + - Required: No - Type: bool - Default: `False` @@ -526,6 +536,7 @@ Request client certificate during TLS handshake if enabled. ### Parameter: `disableAadAuth` The disable Azure AD auth settings of the resource. + - Required: No - Type: bool - Default: `False` @@ -533,6 +544,7 @@ The disable Azure AD auth settings of the resource. ### Parameter: `disableLocalAuth` The disable local auth settings of the resource. + - Required: No - Type: bool - Default: `True` @@ -540,6 +552,7 @@ The disable local auth settings of the resource. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -547,6 +560,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `features` The features settings of the resource, `ServiceMode` is the only required feature. See https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/signalr?pivots=deployment-language-bicep#signalrfeature for more information. + - Required: No - Type: array - Default: @@ -562,6 +576,7 @@ The features settings of the resource, `ServiceMode` is the only required featur ### Parameter: `kind` The kind of the service. + - Required: No - Type: string - Default: `'SignalR'` @@ -576,6 +591,7 @@ The kind of the service. ### Parameter: `liveTraceCatagoriesToEnable` Control permission for data plane traffic coming from public networks while private endpoint is enabled. + - Required: No - Type: array - Default: @@ -596,6 +612,7 @@ Control permission for data plane traffic coming from public networks while priv ### Parameter: `location` The location for the resource. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -603,39 +620,43 @@ The location for the resource. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the SignalR Service resource. -- Required: Yes -- Type: string - ### Parameter: `networkAcls` Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. + - Required: No - Type: object - Default: `{}` @@ -643,197 +664,247 @@ Networks ACLs, this value contains IPs to allow and/or Subnet information. Can o ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -Optional. Application security groups in which the private endpoint IP configuration is included. +**Optional parameters** -- Required: No -- Type: array +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -### Parameter: `privateEndpoints.customDnsConfigs` +### Parameter: `privateEndpoints.subnetResourceId` -Optional. Custom DNS configurations. +Resource ID of the subnet where the endpoint needs to be created. -- Required: No -- Type: array - -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string -Optional. The name of the private endpoint. +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -841,6 +912,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -856,6 +928,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `resourceLogConfigurationsToEnable` Control permission for data plane traffic coming from public networks while private endpoint is enabled. + - Required: No - Type: array - Default: @@ -876,74 +949,96 @@ Control permission for data plane traffic coming from public networks while priv ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` The SKU of the service. + - Required: No - Type: string - Default: `'Standard_S1'` @@ -963,12 +1058,14 @@ The SKU of the service. ### Parameter: `tags` The tags of the resource. + - Required: No - Type: object ### Parameter: `upstreamTemplatesToEnable` Upstream templates to enable. For more information, see https://learn.microsoft.com/en-us/azure/templates/microsoft.signalrservice/2022-02-01/signalr?pivots=deployment-language-bicep#upstreamtemplate. + - Required: No - Type: array - Default: `[]` diff --git a/modules/signal-r-service/web-pub-sub/README.md b/modules/signal-r-service/web-pub-sub/README.md index db8dd5f45c..7f7186177b 100644 --- a/modules/signal-r-service/web-pub-sub/README.md +++ b/modules/signal-r-service/web-pub-sub/README.md @@ -595,9 +595,17 @@ module webPubSub 'br:bicep/modules/signal-r-service.web-pub-sub:1.0.0' = { | [`sku`](#parameter-sku) | string | Pricing tier of the resource. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Web PubSub Service resource. + +- Required: Yes +- Type: string + ### Parameter: `capacity` The unit count of the resource. 1 by default. + - Required: No - Type: int - Default: `1` @@ -605,6 +613,7 @@ The unit count of the resource. 1 by default. ### Parameter: `clientCertEnabled` Request client certificate during TLS handshake if enabled. + - Required: No - Type: bool - Default: `False` @@ -612,6 +621,7 @@ Request client certificate during TLS handshake if enabled. ### Parameter: `disableAadAuth` When set as true, connection with AuthType=aad won't work. + - Required: No - Type: bool - Default: `False` @@ -619,6 +629,7 @@ When set as true, connection with AuthType=aad won't work. ### Parameter: `disableLocalAuth` Disables all authentication methods other than AAD authentication. For security reasons, this value should be set to `true`. + - Required: No - Type: bool - Default: `True` @@ -626,6 +637,7 @@ Disables all authentication methods other than AAD authentication. For security ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -633,6 +645,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The location for the resource. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -640,26 +653,35 @@ The location for the resource. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -667,38 +689,35 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. Only one type of identity is supported: system-assigned or user-assigned, but not both. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -The name of the Web PubSub Service resource. -- Required: Yes -- Type: string - ### Parameter: `networkAcls` Networks ACLs, this value contains IPs to allow and/or Subnet information. Can only be set if the 'SKU' is not 'Free_F1'. For security reasons, it is recommended to set the DefaultAction Deny. + - Required: No - Type: object - Default: `{}` @@ -706,197 +725,247 @@ Networks ACLs, this value contains IPs to allow and/or Subnet information. Can o ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` -Optional. The name of the private endpoint. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -904,6 +973,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -919,6 +989,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `resourceLogConfigurationsToEnable` Control permission for data plane traffic coming from public networks while private endpoint is enabled. + - Required: No - Type: array - Default: @@ -939,74 +1010,96 @@ Control permission for data plane traffic coming from public networks while priv ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` Pricing tier of the resource. + - Required: No - Type: string - Default: `'Standard_S1'` @@ -1021,6 +1114,7 @@ Pricing tier of the resource. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/sql/managed-instance/README.md b/modules/sql/managed-instance/README.md index 1a70895914..d40d728918 100644 --- a/modules/sql/managed-instance/README.md +++ b/modules/sql/managed-instance/README.md @@ -860,18 +860,43 @@ module managedInstance 'br:bicep/modules/sql.managed-instance:1.0.0' = { ### Parameter: `administratorLogin` The username used to establish jumpbox VMs. + - Required: Yes - Type: string ### Parameter: `administratorLoginPassword` The password given to the admin user. + - Required: Yes - Type: securestring +### Parameter: `name` + +The name of the SQL managed instance. + +- Required: Yes +- Type: string + +### Parameter: `subnetId` + +The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. + +- Required: Yes +- Type: string + +### Parameter: `primaryUserAssignedIdentityId` + +The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `administratorsObj` The administrator configuration. + - Required: No - Type: object - Default: `{}` @@ -879,6 +904,7 @@ The administrator configuration. ### Parameter: `collation` Collation of the managed instance. + - Required: No - Type: string - Default: `'SQL_Latin1_General_CP1_CI_AS'` @@ -886,6 +912,7 @@ Collation of the managed instance. ### Parameter: `databases` Databases to create in this server. + - Required: No - Type: array - Default: `[]` @@ -893,114 +920,90 @@ Databases to create in this server. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1008,6 +1011,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `dnsZonePartner` The resource ID of another managed instance whose DNS zone this managed instance will share after creation. + - Required: No - Type: string - Default: `''` @@ -1015,6 +1019,7 @@ The resource ID of another managed instance whose DNS zone this managed instance ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1022,6 +1027,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `encryptionProtectorObj` The encryption protection configuration. + - Required: No - Type: object - Default: `{}` @@ -1029,6 +1035,7 @@ The encryption protection configuration. ### Parameter: `hardwareFamily` If the service has different generations of hardware, for the same SKU, then that can be captured here. + - Required: No - Type: string - Default: `'Gen5'` @@ -1036,6 +1043,7 @@ If the service has different generations of hardware, for the same SKU, then tha ### Parameter: `instancePoolResourceId` The resource ID of the instance pool this managed server belongs to. + - Required: No - Type: string - Default: `''` @@ -1043,6 +1051,7 @@ The resource ID of the instance pool this managed server belongs to. ### Parameter: `keys` The keys to configure. + - Required: No - Type: array - Default: `[]` @@ -1050,6 +1059,7 @@ The keys to configure. ### Parameter: `licenseType` The license type. Possible values are 'LicenseIncluded' (regular price inclusive of a new SQL license) and 'BasePrice' (discounted AHB price for bringing your own SQL licenses). + - Required: No - Type: string - Default: `'LicenseIncluded'` @@ -1064,6 +1074,7 @@ The license type. Possible values are 'LicenseIncluded' (regular price inclusive ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1071,26 +1082,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1098,25 +1118,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1124,6 +1146,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managedInstanceCreateMode` Specifies the mode of database creation. Default: Regular instance creation. Restore: Creates an instance by restoring a set of backups to specific point in time. RestorePointInTime and SourceManagedInstanceId must be specified. + - Required: No - Type: string - Default: `'Default'` @@ -1138,6 +1161,7 @@ Specifies the mode of database creation. Default: Regular instance creation. Res ### Parameter: `minimalTlsVersion` Minimal TLS version allowed. + - Required: No - Type: string - Default: `'1.2'` @@ -1151,22 +1175,10 @@ Minimal TLS version allowed. ] ``` -### Parameter: `name` - -The name of the SQL managed instance. -- Required: Yes -- Type: string - -### Parameter: `primaryUserAssignedIdentityId` - -The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `proxyOverride` Connection type used for connecting to the instance. + - Required: No - Type: string - Default: `'Proxy'` @@ -1182,6 +1194,7 @@ Connection type used for connecting to the instance. ### Parameter: `publicDataEndpointEnabled` Whether or not the public data endpoint is enabled. + - Required: No - Type: bool - Default: `False` @@ -1189,6 +1202,7 @@ Whether or not the public data endpoint is enabled. ### Parameter: `requestedBackupStorageRedundancy` The storage account type used to store backups for this database. + - Required: No - Type: string - Default: `'Geo'` @@ -1205,6 +1219,7 @@ The storage account type used to store backups for this database. ### Parameter: `restorePointInTime` Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. + - Required: No - Type: string - Default: `''` @@ -1212,74 +1227,96 @@ Specifies the point in time (ISO8601 format) of the source database that will be ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securityAlertPoliciesObj` The security alert policy configuration. + - Required: No - Type: object - Default: `{}` @@ -1287,6 +1324,7 @@ The security alert policy configuration. ### Parameter: `servicePrincipal` Service principal type. If using AD Authentication and applying Admin, must be set to `SystemAssigned`. Then Global Admin must allow Reader access to Azure AD for the Service Principal. + - Required: No - Type: string - Default: `'None'` @@ -1301,6 +1339,7 @@ Service principal type. If using AD Authentication and applying Admin, must be s ### Parameter: `skuName` The name of the SKU, typically, a letter + Number code, e.g. P3. + - Required: No - Type: string - Default: `'GP_Gen5'` @@ -1308,6 +1347,7 @@ The name of the SKU, typically, a letter + Number code, e.g. P3. ### Parameter: `skuTier` The tier or edition of the particular SKU, e.g. Basic, Premium. + - Required: No - Type: string - Default: `'GeneralPurpose'` @@ -1315,6 +1355,7 @@ The tier or edition of the particular SKU, e.g. Basic, Premium. ### Parameter: `sourceManagedInstanceId` The resource identifier of the source managed instance associated with create operation of this instance. + - Required: No - Type: string - Default: `''` @@ -1322,25 +1363,22 @@ The resource identifier of the source managed instance associated with create op ### Parameter: `storageSizeInGB` Storage size in GB. Minimum value: 32. Maximum value: 8192. Increments of 32 GB allowed only. + - Required: No - Type: int - Default: `32` -### Parameter: `subnetId` - -The fully qualified resource ID of the subnet on which the SQL managed instance will be placed. -- Required: Yes -- Type: string - ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `timezoneId` ID of the timezone. Allowed values are timezones supported by Windows. + - Required: No - Type: string - Default: `'UTC'` @@ -1348,6 +1386,7 @@ ID of the timezone. Allowed values are timezones supported by Windows. ### Parameter: `vCores` The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. + - Required: No - Type: int - Default: `4` @@ -1355,6 +1394,7 @@ The number of vCores. Allowed values: 8, 16, 24, 32, 40, 64, 80. ### Parameter: `vulnerabilityAssessmentsObj` The vulnerability assessment configuration. + - Required: No - Type: object - Default: `{}` @@ -1362,6 +1402,7 @@ The vulnerability assessment configuration. ### Parameter: `zoneRedundant` Whether or not multi-az is enabled. + - Required: No - Type: bool - Default: `False` diff --git a/modules/sql/managed-instance/administrator/README.md b/modules/sql/managed-instance/administrator/README.md index 8382a3a1c6..b6c59f67b3 100644 --- a/modules/sql/managed-instance/administrator/README.md +++ b/modules/sql/managed-instance/administrator/README.md @@ -37,34 +37,39 @@ This module deploys a SQL Managed Instance Administrator. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`tenantId`](#parameter-tenantid) | string | Tenant ID of the managed instance administrator. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `login` Login name of the managed instance administrator. + - Required: Yes - Type: string -### Parameter: `managedInstanceName` +### Parameter: `sid` + +SID (object ID) of the managed instance administrator. -The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `sid` +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. -SID (object ID) of the managed instance administrator. - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `tenantId` Tenant ID of the managed instance administrator. + - Required: No - Type: string - Default: `''` diff --git a/modules/sql/managed-instance/database/README.md b/modules/sql/managed-instance/database/README.md index 12e6fb4709..a7d39cc286 100644 --- a/modules/sql/managed-instance/database/README.md +++ b/modules/sql/managed-instance/database/README.md @@ -55,9 +55,72 @@ This module deploys a SQL Managed Instance Database. | [`restorableDroppedDatabaseId`](#parameter-restorabledroppeddatabaseid) | string | The restorable dropped database resource ID to restore when creating this database. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the SQL managed instance database. + +- Required: Yes +- Type: string + +### Parameter: `longTermRetentionBackupResourceId` + +The resource ID of the Long Term Retention backup to be used for restore of this managed database. Required if createMode is RestoreLongTermRetentionBackup. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `recoverableDatabaseId` + +The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `restorePointInTime` + +Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `sourceDatabaseId` + +The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageContainerSasToken` + +Specifies the storage container sas token. Required if createMode is RestoreExternalBackup. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `storageContainerUri` + +Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `backupLongTermRetentionPoliciesObj` The configuration for the backup long term retention policy definition. + - Required: No - Type: object - Default: `{}` @@ -65,6 +128,7 @@ The configuration for the backup long term retention policy definition. ### Parameter: `backupShortTermRetentionPoliciesObj` The configuration for the backup short term retention policy definition. + - Required: No - Type: object - Default: `{}` @@ -72,6 +136,7 @@ The configuration for the backup short term retention policy definition. ### Parameter: `catalogCollation` Collation of the managed instance. + - Required: No - Type: string - Default: `'SQL_Latin1_General_CP1_CI_AS'` @@ -79,6 +144,7 @@ Collation of the managed instance. ### Parameter: `collation` Collation of the managed instance database. + - Required: No - Type: string - Default: `'SQL_Latin1_General_CP1_CI_AS'` @@ -86,6 +152,7 @@ Collation of the managed instance database. ### Parameter: `createMode` Managed database create mode. PointInTimeRestore: Create a database by restoring a point in time backup of an existing database. SourceDatabaseName, SourceManagedInstanceName and PointInTime must be specified. RestoreExternalBackup: Create a database by restoring from external backup files. Collation, StorageContainerUri and StorageContainerSasToken must be specified. Recovery: Creates a database by restoring a geo-replicated backup. RecoverableDatabaseId must be specified as the recoverable database resource ID to restore. RestoreLongTermRetentionBackup: Create a database by restoring from a long term retention backup (longTermRetentionBackupResourceId required). + - Required: No - Type: string - Default: `'Default'` @@ -103,94 +170,82 @@ Managed database create mode. PointInTimeRestore: Create a database by restoring ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -198,6 +253,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -205,6 +261,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -212,87 +269,43 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. - -- Required: No -- Type: string - -### Parameter: `longTermRetentionBackupResourceId` - -The resource ID of the Long Term Retention backup to be used for restore of this managed database. Required if createMode is RestoreLongTermRetentionBackup. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `managedInstanceName` - -The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the SQL managed instance database. -- Required: Yes -- Type: string - -### Parameter: `recoverableDatabaseId` +Specify the name of lock. -The resource identifier of the recoverable database associated with create operation of this database. Required if createMode is Recovery. - Required: No - Type: string -- Default: `''` ### Parameter: `restorableDroppedDatabaseId` The restorable dropped database resource ID to restore when creating this database. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `restorePointInTime` - -Specifies the point in time (ISO8601 format) of the source database that will be restored to create the new database. Required if createMode is PointInTimeRestore. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `sourceDatabaseId` -The resource identifier of the source database associated with create operation of this database. Required if createMode is PointInTimeRestore. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `storageContainerSasToken` - -Specifies the storage container sas token. Required if createMode is RestoreExternalBackup. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `storageContainerUri` - -Specifies the uri of the storage container where backups for this restore are stored. Required if createMode is RestoreExternalBackup. - Required: No - Type: string - Default: `''` @@ -300,6 +313,7 @@ Specifies the uri of the storage container where backups for this restore are st ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md b/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md index 9456833a1b..8baceaa025 100644 --- a/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md +++ b/modules/sql/managed-instance/database/backup-long-term-retention-policy/README.md @@ -40,41 +40,47 @@ This module deploys a SQL Managed Instance Database Backup Long-Term Retention P | [`weekOfYear`](#parameter-weekofyear) | int | The week of year to take the yearly backup in an ISO 8601 format. | | [`yearlyRetention`](#parameter-yearlyretention) | string | The yearly retention policy for an LTR backup in an ISO 8601 format. | +### Parameter: `name` + +The name of the Long Term Retention backup policy. For example "default". + +- Required: Yes +- Type: string + ### Parameter: `databaseName` The name of the parent managed instance database. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `managedInstanceName` + +The name of the parent managed instance. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `managedInstanceName` - -The name of the parent managed instance. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `monthlyRetention` The monthly retention policy for an LTR backup in an ISO 8601 format. + - Required: No - Type: string - Default: `'P1Y'` -### Parameter: `name` - -The name of the Long Term Retention backup policy. For example "default". -- Required: Yes -- Type: string - ### Parameter: `weeklyRetention` The weekly retention policy for an LTR backup in an ISO 8601 format. + - Required: No - Type: string - Default: `'P1M'` @@ -82,6 +88,7 @@ The weekly retention policy for an LTR backup in an ISO 8601 format. ### Parameter: `weekOfYear` The week of year to take the yearly backup in an ISO 8601 format. + - Required: No - Type: int - Default: `5` @@ -89,6 +96,7 @@ The week of year to take the yearly backup in an ISO 8601 format. ### Parameter: `yearlyRetention` The yearly retention policy for an LTR backup in an ISO 8601 format. + - Required: No - Type: string - Default: `'P5Y'` diff --git a/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md b/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md index 85fbd84c25..b2dd3475e3 100644 --- a/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md +++ b/modules/sql/managed-instance/database/backup-short-term-retention-policy/README.md @@ -37,34 +37,39 @@ This module deploys a SQL Managed Instance Database Backup Short-Term Retention | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`retentionDays`](#parameter-retentiondays) | int | The backup retention period in days. This is how many days Point-in-Time Restore will be supported. | -### Parameter: `databaseName` +### Parameter: `name` + +The name of the Short Term Retention backup policy. For example "default". -The name of the parent SQL managed instance database. Required if the template is used in a standalone deployment. - Required: Yes - Type: string -### Parameter: `enableDefaultTelemetry` +### Parameter: `databaseName` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +The name of the parent SQL managed instance database. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string ### Parameter: `managedInstanceName` The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `name` +### Parameter: `enableDefaultTelemetry` -The name of the Short Term Retention backup policy. For example "default". -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ### Parameter: `retentionDays` The backup retention period in days. This is how many days Point-in-Time Restore will be supported. + - Required: No - Type: int - Default: `35` diff --git a/modules/sql/managed-instance/encryption-protector/README.md b/modules/sql/managed-instance/encryption-protector/README.md index 13cdbd792b..1d1125961d 100644 --- a/modules/sql/managed-instance/encryption-protector/README.md +++ b/modules/sql/managed-instance/encryption-protector/README.md @@ -37,9 +37,24 @@ This module deploys a SQL Managed Instance Encryption Protector. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type like "ServiceManaged", "AzureKeyVault". | +### Parameter: `serverKeyName` + +The name of the SQL managed instance key. + +- Required: Yes +- Type: string + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `autoRotationEnabled` Key auto rotation opt-in flag. + - Required: No - Type: bool - Default: `False` @@ -47,25 +62,15 @@ Key auto rotation opt-in flag. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `managedInstanceName` - -The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `serverKeyName` - -The name of the SQL managed instance key. -- Required: Yes -- Type: string - ### Parameter: `serverKeyType` The encryption protector type like "ServiceManaged", "AzureKeyVault". + - Required: No - Type: string - Default: `'ServiceManaged'` diff --git a/modules/sql/managed-instance/key/README.md b/modules/sql/managed-instance/key/README.md index 327b954416..48c0a3fe3e 100644 --- a/modules/sql/managed-instance/key/README.md +++ b/modules/sql/managed-instance/key/README.md @@ -37,28 +37,32 @@ This module deploys a SQL Managed Instance Key. | [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type like "ServiceManaged", "AzureKeyVault". | | [`uri`](#parameter-uri) | string | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | -### Parameter: `enableDefaultTelemetry` +### Parameter: `name` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +The name of the key. Must follow the [__] pattern. + +- Required: Yes +- Type: string ### Parameter: `managedInstanceName` The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `name` +### Parameter: `enableDefaultTelemetry` -The name of the key. Must follow the [__] pattern. -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ### Parameter: `serverKeyType` The encryption protector type like "ServiceManaged", "AzureKeyVault". + - Required: No - Type: string - Default: `'ServiceManaged'` @@ -73,6 +77,7 @@ The encryption protector type like "ServiceManaged", "AzureKeyVault". ### Parameter: `uri` The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. + - Required: No - Type: string - Default: `''` diff --git a/modules/sql/managed-instance/security-alert-policy/README.md b/modules/sql/managed-instance/security-alert-policy/README.md index 436ccd6b78..30d21ff3a8 100644 --- a/modules/sql/managed-instance/security-alert-policy/README.md +++ b/modules/sql/managed-instance/security-alert-policy/README.md @@ -37,9 +37,24 @@ This module deploys a SQL Managed Instance Security Alert Policy. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`state`](#parameter-state) | string | Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided. | +### Parameter: `name` + +The name of the security alert policy. + +- Required: Yes +- Type: string + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `emailAccountAdmins` Specifies that the schedule scan notification will be is sent to the subscription administrators. + - Required: No - Type: bool - Default: `False` @@ -47,25 +62,15 @@ Specifies that the schedule scan notification will be is sent to the subscriptio ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `managedInstanceName` - -The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the security alert policy. -- Required: Yes -- Type: string - ### Parameter: `state` Enables advanced data security features, like recuring vulnerability assesment scans and ATP. If enabled, storage account must be provided. + - Required: No - Type: string - Default: `'Disabled'` diff --git a/modules/sql/managed-instance/vulnerability-assessment/README.md b/modules/sql/managed-instance/vulnerability-assessment/README.md index f785799af0..a231617216 100644 --- a/modules/sql/managed-instance/vulnerability-assessment/README.md +++ b/modules/sql/managed-instance/vulnerability-assessment/README.md @@ -42,9 +42,31 @@ This module deploys a SQL Managed Instance Vulnerability Assessment. | [`recurringScansIsEnabled`](#parameter-recurringscansisenabled) | bool | Recurring scans state. | | [`useStorageAccountAccessKey`](#parameter-usestorageaccountaccesskey) | bool | Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. If an access key is not used, the SQL MI system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. | +### Parameter: `name` + +The name of the vulnerability assessment. + +- Required: Yes +- Type: string + +### Parameter: `storageAccountResourceId` + +A blob storage to hold the scan results. + +- Required: Yes +- Type: string + +### Parameter: `managedInstanceName` + +The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `createStorageRoleAssignment` Create the Storage Blob Data Contributor role assignment on the storage account. Note, the role assignment must not already exist on the storage account. + - Required: No - Type: bool - Default: `True` @@ -52,25 +74,15 @@ Create the Storage Blob Data Contributor role assignment on the storage account. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `managedInstanceName` - -The name of the parent SQL managed instance. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `name` - -The name of the vulnerability assessment. -- Required: Yes -- Type: string - ### Parameter: `recurringScansEmails` Specifies an array of email addresses to which the scan notification is sent. + - Required: No - Type: array - Default: `[]` @@ -78,6 +90,7 @@ Specifies an array of email addresses to which the scan notification is sent. ### Parameter: `recurringScansEmailSubscriptionAdmins` Specifies that the schedule scan notification will be is sent to the subscription administrators. + - Required: No - Type: bool - Default: `False` @@ -85,19 +98,15 @@ Specifies that the schedule scan notification will be is sent to the subscriptio ### Parameter: `recurringScansIsEnabled` Recurring scans state. + - Required: No - Type: bool - Default: `False` -### Parameter: `storageAccountResourceId` - -A blob storage to hold the scan results. -- Required: Yes -- Type: string - ### Parameter: `useStorageAccountAccessKey` Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. If an access key is not used, the SQL MI system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. + - Required: No - Type: bool - Default: `False` diff --git a/modules/sql/server/README.md b/modules/sql/server/README.md index c9aff2d0db..66ae1bdfeb 100644 --- a/modules/sql/server/README.md +++ b/modules/sql/server/README.md @@ -1100,9 +1100,17 @@ module server 'br:bicep/modules/sql.server:1.0.0' = { | [`virtualNetworkRules`](#parameter-virtualnetworkrules) | array | The virtual network rules to create in the server. | | [`vulnerabilityAssessmentsObj`](#parameter-vulnerabilityassessmentsobj) | object | The vulnerability assessment configuration. | +### Parameter: `name` + +The name of the server. + +- Required: Yes +- Type: string + ### Parameter: `administratorLogin` The administrator username for the server. Required if no `administrators` object for AAD authentication is provided. + - Required: No - Type: string - Default: `''` @@ -1110,6 +1118,7 @@ The administrator username for the server. Required if no `administrators` objec ### Parameter: `administratorLoginPassword` The administrator login password. Required if no `administrators` object for AAD authentication is provided. + - Required: No - Type: securestring - Default: `''` @@ -1117,13 +1126,23 @@ The administrator login password. Required if no `administrators` object for AAD ### Parameter: `administrators` The Azure Active Directory (AAD) administrator authentication. Required if no `administratorLogin` & `administratorLoginPassword` is provided. + - Required: No - Type: object - Default: `{}` +### Parameter: `primaryUserAssignedIdentityId` + +The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `databases` The databases to create in the server. + - Required: No - Type: array - Default: `[]` @@ -1131,6 +1150,7 @@ The databases to create in the server. ### Parameter: `elasticPools` The Elastic Pools to create in the server. + - Required: No - Type: array - Default: `[]` @@ -1138,6 +1158,7 @@ The Elastic Pools to create in the server. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1145,6 +1166,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `encryptionProtectorObj` The encryption protection configuration. + - Required: No - Type: object - Default: `{}` @@ -1152,6 +1174,7 @@ The encryption protection configuration. ### Parameter: `firewallRules` The firewall rules to create in the server. + - Required: No - Type: array - Default: `[]` @@ -1159,6 +1182,7 @@ The firewall rules to create in the server. ### Parameter: `keys` The keys to configure. + - Required: No - Type: array - Default: `[]` @@ -1166,6 +1190,7 @@ The keys to configure. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1173,26 +1198,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1200,25 +1234,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -1226,6 +1262,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `minimalTlsVersion` Minimal TLS version allowed. + - Required: No - Type: string - Default: `'1.2'` @@ -1238,213 +1275,250 @@ Minimal TLS version allowed. ] ``` -### Parameter: `name` - -The name of the server. -- Required: Yes -- Type: string - -### Parameter: `primaryUserAssignedIdentityId` - -The resource ID of a user assigned identity to be used by default. Required if "userAssignedIdentities" is not empty. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The name of the private endpoint. +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1452,6 +1526,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and neither firewall rules nor virtual network rules are set. + - Required: No - Type: string - Default: `''` @@ -1467,6 +1542,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `restrictOutboundNetworkAccess` Whether or not to restrict outbound network access for this server. + - Required: No - Type: string - Default: `''` @@ -1482,74 +1558,96 @@ Whether or not to restrict outbound network access for this server. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +**Optional parameters** -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `securityAlertPolicies` The security alert policies to create in the server. + - Required: No - Type: array - Default: `[]` @@ -1557,12 +1655,14 @@ The security alert policies to create in the server. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `virtualNetworkRules` The virtual network rules to create in the server. + - Required: No - Type: array - Default: `[]` @@ -1570,6 +1670,7 @@ The virtual network rules to create in the server. ### Parameter: `vulnerabilityAssessmentsObj` The vulnerability assessment configuration. + - Required: No - Type: object - Default: `{}` diff --git a/modules/sql/server/database/README.md b/modules/sql/server/database/README.md index 4909365a8f..3afe36f94b 100644 --- a/modules/sql/server/database/README.md +++ b/modules/sql/server/database/README.md @@ -67,9 +67,24 @@ This module deploys an Azure SQL Server Database. | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this database is zone redundant. | +### Parameter: `name` + +The name of the database. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `autoPauseDelay` Time in minutes after which database is automatically paused. A value of -1 means that automatic pause is disabled. + - Required: No - Type: int - Default: `0` @@ -77,6 +92,7 @@ Time in minutes after which database is automatically paused. A value of -1 mean ### Parameter: `backupLongTermRetentionPolicy` The long term backup retention policy to create for the database. + - Required: No - Type: object - Default: `{}` @@ -84,6 +100,7 @@ The long term backup retention policy to create for the database. ### Parameter: `backupShortTermRetentionPolicy` The short term backup retention policy to create for the database. + - Required: No - Type: object - Default: `{}` @@ -91,6 +108,7 @@ The short term backup retention policy to create for the database. ### Parameter: `collation` The collation of the database. + - Required: No - Type: string - Default: `'SQL_Latin1_General_CP1_CI_AS'` @@ -98,6 +116,7 @@ The collation of the database. ### Parameter: `createMode` Specifies the mode of database creation. + - Required: No - Type: string - Default: `'Default'` @@ -118,114 +137,90 @@ Specifies the mode of database creation. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -233,6 +228,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `elasticPoolId` The resource ID of the elastic pool containing this database. + - Required: No - Type: string - Default: `''` @@ -240,6 +236,7 @@ The resource ID of the elastic pool containing this database. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -247,6 +244,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `highAvailabilityReplicaCount` The number of readonly secondary replicas associated with the database. + - Required: No - Type: int - Default: `0` @@ -254,6 +252,7 @@ The number of readonly secondary replicas associated with the database. ### Parameter: `isLedgerOn` Whether or not this database is a ledger database, which means all tables in the database are ledger tables. Note: the value of this property cannot be changed after the database has been created. + - Required: No - Type: bool - Default: `False` @@ -261,6 +260,7 @@ Whether or not this database is a ledger database, which means all tables in the ### Parameter: `licenseType` The license type to apply for this database. + - Required: No - Type: string - Default: `''` @@ -268,6 +268,7 @@ The license type to apply for this database. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -275,6 +276,7 @@ Location for all resources. ### Parameter: `maintenanceConfigurationId` Maintenance configuration ID assigned to the database. This configuration defines the period when the maintenance updates will occur. + - Required: No - Type: string - Default: `''` @@ -282,6 +284,7 @@ Maintenance configuration ID assigned to the database. This configuration define ### Parameter: `maxSizeBytes` The max size of the database expressed in bytes. + - Required: No - Type: int - Default: `34359738368` @@ -289,19 +292,15 @@ The max size of the database expressed in bytes. ### Parameter: `minCapacity` Minimal capacity that database will always have allocated. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -The name of the database. -- Required: Yes -- Type: string - ### Parameter: `preferredEnclaveType` Type of enclave requested on the database i.e. Default or VBS enclaves. + - Required: No - Type: string - Default: `''` @@ -317,6 +316,7 @@ Type of enclave requested on the database i.e. Default or VBS enclaves. ### Parameter: `readScale` The state of read-only routing. + - Required: No - Type: string - Default: `'Disabled'` @@ -331,6 +331,7 @@ The state of read-only routing. ### Parameter: `recoveryServicesRecoveryPointResourceId` Resource ID of backup if createMode set to RestoreLongTermRetentionBackup. + - Required: No - Type: string - Default: `''` @@ -338,6 +339,7 @@ Resource ID of backup if createMode set to RestoreLongTermRetentionBackup. ### Parameter: `requestedBackupStorageRedundancy` The storage account type to be used to store backups for this database. + - Required: No - Type: string - Default: `''` @@ -354,6 +356,7 @@ The storage account type to be used to store backups for this database. ### Parameter: `restorePointInTime` Point in time (ISO8601 format) of the source database to restore when createMode set to Restore or PointInTimeRestore. + - Required: No - Type: string - Default: `''` @@ -361,19 +364,15 @@ Point in time (ISO8601 format) of the source database to restore when createMode ### Parameter: `sampleName` The name of the sample schema to apply when creating this database. + - Required: No - Type: string - Default: `''` -### Parameter: `serverName` - -The name of the parent SQL Server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `skuCapacity` Capacity of the particular SKU. + - Required: No - Type: int - Default: `-1` @@ -381,6 +380,7 @@ Capacity of the particular SKU. ### Parameter: `skuFamily` If the service has different generations of hardware, for the same SKU, then that can be captured here. + - Required: No - Type: string - Default: `''` @@ -388,6 +388,7 @@ If the service has different generations of hardware, for the same SKU, then tha ### Parameter: `skuName` The name of the SKU. + - Required: No - Type: string - Default: `'GP_Gen5_2'` @@ -395,6 +396,7 @@ The name of the SKU. ### Parameter: `skuSize` Size of the particular SKU. + - Required: No - Type: string - Default: `''` @@ -402,6 +404,7 @@ Size of the particular SKU. ### Parameter: `skuTier` The skuTier or edition of the particular SKU. + - Required: No - Type: string - Default: `'GeneralPurpose'` @@ -409,6 +412,7 @@ The skuTier or edition of the particular SKU. ### Parameter: `sourceDatabaseDeletionDate` The time that the database was deleted when restoring a deleted database. + - Required: No - Type: string - Default: `''` @@ -416,6 +420,7 @@ The time that the database was deleted when restoring a deleted database. ### Parameter: `sourceDatabaseResourceId` Resource ID of database if createMode set to Copy, Secondary, PointInTimeRestore, Recovery or Restore. + - Required: No - Type: string - Default: `''` @@ -423,12 +428,14 @@ Resource ID of database if createMode set to Copy, Secondary, PointInTimeRestore ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zoneRedundant` Whether or not this database is zone redundant. + - Required: No - Type: bool - Default: `False` diff --git a/modules/sql/server/database/backup-long-term-retention-policy/README.md b/modules/sql/server/database/backup-long-term-retention-policy/README.md index 3a8d87595a..657bb34d3d 100644 --- a/modules/sql/server/database/backup-long-term-retention-policy/README.md +++ b/modules/sql/server/database/backup-long-term-retention-policy/README.md @@ -37,12 +37,21 @@ This module deploys an Azure SQL Server Database Long-Term Backup Retention Poli ### Parameter: `databaseName` The name of the parent database. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,19 +59,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `monthlyRetention` Weekly retention in ISO 8601 duration format. + - Required: No - Type: string - Default: `''` -### Parameter: `serverName` - -The name of the parent SQL Server. -- Required: Yes -- Type: string - ### Parameter: `weeklyRetention` Monthly retention in ISO 8601 duration format. + - Required: No - Type: string - Default: `''` @@ -70,6 +75,7 @@ Monthly retention in ISO 8601 duration format. ### Parameter: `weekOfYear` Week of year backup to keep for yearly retention. + - Required: No - Type: int - Default: `1` @@ -77,6 +83,7 @@ Week of year backup to keep for yearly retention. ### Parameter: `yearlyRetention` Yearly retention in ISO 8601 duration format. + - Required: No - Type: string - Default: `''` diff --git a/modules/sql/server/database/backup-short-term-retention-policy/README.md b/modules/sql/server/database/backup-short-term-retention-policy/README.md index d6df1d73e8..5b9bab597d 100644 --- a/modules/sql/server/database/backup-short-term-retention-policy/README.md +++ b/modules/sql/server/database/backup-short-term-retention-policy/README.md @@ -35,12 +35,21 @@ This module deploys an Azure SQL Server Database Short-Term Backup Retention Pol ### Parameter: `databaseName` The name of the parent database. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. + - Required: Yes - Type: string ### Parameter: `diffBackupIntervalInHours` Differential backup interval in hours. + - Required: No - Type: int - Default: `24` @@ -48,6 +57,7 @@ Differential backup interval in hours. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -55,16 +65,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `retentionDays` Poin-in-time retention in days. + - Required: No - Type: int - Default: `7` -### Parameter: `serverName` - -The name of the parent SQL Server. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/sql/server/elastic-pool/README.md b/modules/sql/server/elastic-pool/README.md index f4489258fb..f3f1863128 100644 --- a/modules/sql/server/elastic-pool/README.md +++ b/modules/sql/server/elastic-pool/README.md @@ -48,9 +48,24 @@ This module deploys an Azure SQL Server Elastic Pool. | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones. | +### Parameter: `name` + +The name of the Elastic Pool. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `databaseMaxCapacity` The maximum capacity any one database can consume. + - Required: No - Type: int - Default: `2` @@ -58,6 +73,7 @@ The maximum capacity any one database can consume. ### Parameter: `databaseMinCapacity` The minimum capacity all databases are guaranteed. + - Required: No - Type: int - Default: `0` @@ -65,6 +81,7 @@ The minimum capacity all databases are guaranteed. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -72,6 +89,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `highAvailabilityReplicaCount` The number of secondary replicas associated with the elastic pool that are used to provide high availability. Applicable only to Hyperscale elastic pools. + - Required: No - Type: int - Default: `-1` @@ -79,6 +97,7 @@ The number of secondary replicas associated with the elastic pool that are used ### Parameter: `licenseType` The license type to apply for this elastic pool. + - Required: No - Type: string - Default: `'LicenseIncluded'` @@ -93,6 +112,7 @@ The license type to apply for this elastic pool. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -100,6 +120,7 @@ Location for all resources. ### Parameter: `maintenanceConfigurationId` Maintenance configuration resource ID assigned to the elastic pool. This configuration defines the period when the maintenance updates will will occur. + - Required: No - Type: string - Default: `''` @@ -107,6 +128,7 @@ Maintenance configuration resource ID assigned to the elastic pool. This configu ### Parameter: `maxSizeBytes` The storage limit for the database elastic pool in bytes. + - Required: No - Type: int - Default: `34359738368` @@ -114,25 +136,15 @@ The storage limit for the database elastic pool in bytes. ### Parameter: `minCapacity` Minimal capacity that serverless pool will not shrink below, if not paused. + - Required: No - Type: int - Default: `-1` -### Parameter: `name` - -The name of the Elastic Pool. -- Required: Yes -- Type: string - -### Parameter: `serverName` - -The name of the parent SQL Server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `skuCapacity` Capacity of the particular SKU. + - Required: No - Type: int - Default: `2` @@ -140,6 +152,7 @@ Capacity of the particular SKU. ### Parameter: `skuName` The name of the SKU, typically, a letter + Number code, e.g. P3. + - Required: No - Type: string - Default: `'GP_Gen5'` @@ -147,6 +160,7 @@ The name of the SKU, typically, a letter + Number code, e.g. P3. ### Parameter: `skuTier` The tier or edition of the particular SKU, e.g. Basic, Premium. + - Required: No - Type: string - Default: `'GeneralPurpose'` @@ -154,12 +168,14 @@ The tier or edition of the particular SKU, e.g. Basic, Premium. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `zoneRedundant` Whether or not this elastic pool is zone redundant, which means the replicas of this elastic pool will be spread across multiple availability zones. + - Required: No - Type: bool - Default: `False` diff --git a/modules/sql/server/encryption-protector/README.md b/modules/sql/server/encryption-protector/README.md index 241d32d52d..4807f2ee25 100644 --- a/modules/sql/server/encryption-protector/README.md +++ b/modules/sql/server/encryption-protector/README.md @@ -37,9 +37,24 @@ This module deploys an Azure SQL Server Encryption Protector. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type. | +### Parameter: `serverKeyName` + +The name of the server key. + +- Required: Yes +- Type: string + +### Parameter: `sqlServerName` + +The name of the sql server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `autoRotationEnabled` Key auto rotation opt-in. + - Required: No - Type: bool - Default: `False` @@ -47,19 +62,15 @@ Key auto rotation opt-in. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `serverKeyName` - -The name of the server key. -- Required: Yes -- Type: string - ### Parameter: `serverKeyType` The encryption protector type. + - Required: No - Type: string - Default: `'ServiceManaged'` @@ -71,12 +82,6 @@ The encryption protector type. ] ``` -### Parameter: `sqlServerName` - -The name of the sql server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/sql/server/firewall-rule/README.md b/modules/sql/server/firewall-rule/README.md index ba542bf482..adbb3b1ee1 100644 --- a/modules/sql/server/firewall-rule/README.md +++ b/modules/sql/server/firewall-rule/README.md @@ -37,9 +37,24 @@ This module deploys an Azure SQL Server Firewall Rule. | [`endIpAddress`](#parameter-endipaddress) | string | The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. | | [`startIpAddress`](#parameter-startipaddress) | string | The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. | +### Parameter: `name` + +The name of the Server Firewall Rule. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,25 +62,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `endIpAddress` The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value '0.0.0.0' for all Azure-internal IP addresses. + - Required: No - Type: string - Default: `'0.0.0.0'` -### Parameter: `name` - -The name of the Server Firewall Rule. -- Required: Yes -- Type: string - -### Parameter: `serverName` - -The name of the parent SQL Server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `startIpAddress` The start IP address of the firewall rule. Must be IPv4 format. Use value '0.0.0.0' for all Azure-internal IP addresses. + - Required: No - Type: string - Default: `'0.0.0.0'` diff --git a/modules/sql/server/key/README.md b/modules/sql/server/key/README.md index 778972e853..f2e1ac3ea2 100644 --- a/modules/sql/server/key/README.md +++ b/modules/sql/server/key/README.md @@ -37,22 +37,32 @@ This module deploys an Azure SQL Server Key. | [`serverKeyType`](#parameter-serverkeytype) | string | The encryption protector type like "ServiceManaged", "AzureKeyVault". | | [`uri`](#parameter-uri) | string | The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. | +### Parameter: `name` + +The name of the key. Must follow the [__] pattern. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the key. Must follow the [__] pattern. -- Required: Yes -- Type: string - ### Parameter: `serverKeyType` The encryption protector type like "ServiceManaged", "AzureKeyVault". + - Required: No - Type: string - Default: `'ServiceManaged'` @@ -64,15 +74,10 @@ The encryption protector type like "ServiceManaged", "AzureKeyVault". ] ``` -### Parameter: `serverName` - -The name of the parent SQL server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `uri` The URI of the key. If the ServerKeyType is AzureKeyVault, then either the URI or the keyVaultName/keyName combination is required. + - Required: No - Type: string - Default: `''` diff --git a/modules/sql/server/security-alert-policy/README.md b/modules/sql/server/security-alert-policy/README.md index 208dc6904b..6a90d70d38 100644 --- a/modules/sql/server/security-alert-policy/README.md +++ b/modules/sql/server/security-alert-policy/README.md @@ -42,9 +42,24 @@ This module deploys an Azure SQL Server Security Alert Policy. | [`storageAccountAccessKey`](#parameter-storageaccountaccesskey) | securestring | Specifies the identifier key of the Threat Detection audit storage account.. | | [`storageEndpoint`](#parameter-storageendpoint) | string | Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. | +### Parameter: `name` + +The name of the Security Alert Policy. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The name of the parent SQL Server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `disabledAlerts` Specifies an array of alerts that are disabled. Allowed values are: Sql_Injection, Sql_Injection_Vulnerability, Access_Anomaly, Data_Exfiltration, Unsafe_Action, Brute_Force. + - Required: No - Type: array - Default: `[]` @@ -52,6 +67,7 @@ Specifies an array of alerts that are disabled. Allowed values are: Sql_Injectio ### Parameter: `emailAccountAdmins` Specifies that the alert is sent to the account administrators. + - Required: No - Type: bool - Default: `False` @@ -59,6 +75,7 @@ Specifies that the alert is sent to the account administrators. ### Parameter: `emailAddresses` Specifies an array of email addresses to which the alert is sent. + - Required: No - Type: array - Default: `[]` @@ -66,32 +83,23 @@ Specifies an array of email addresses to which the alert is sent. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the Security Alert Policy. -- Required: Yes -- Type: string - ### Parameter: `retentionDays` Specifies the number of days to keep in the Threat Detection audit logs. + - Required: No - Type: int - Default: `0` -### Parameter: `serverName` - -The name of the parent SQL Server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `state` Specifies the state of the policy, whether it is enabled or disabled or a policy has not been applied yet on the specific database. + - Required: No - Type: string - Default: `'Disabled'` @@ -106,6 +114,7 @@ Specifies the state of the policy, whether it is enabled or disabled or a policy ### Parameter: `storageAccountAccessKey` Specifies the identifier key of the Threat Detection audit storage account.. + - Required: No - Type: securestring - Default: `''` @@ -113,6 +122,7 @@ Specifies the identifier key of the Threat Detection audit storage account.. ### Parameter: `storageEndpoint` Specifies the blob storage endpoint. This blob storage will hold all Threat Detection audit logs. + - Required: No - Type: string - Default: `''` diff --git a/modules/sql/server/virtual-network-rule/README.md b/modules/sql/server/virtual-network-rule/README.md index 147908a95b..a0eaf2fb10 100644 --- a/modules/sql/server/virtual-network-rule/README.md +++ b/modules/sql/server/virtual-network-rule/README.md @@ -37,37 +37,42 @@ This module deploys an Azure SQL Server Virtual Network Rule. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`ignoreMissingVnetServiceEndpoint`](#parameter-ignoremissingvnetserviceendpoint) | bool | Allow creating a firewall rule before the virtual network has vnet service endpoint enabled. | -### Parameter: `enableDefaultTelemetry` +### Parameter: `name` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +The name of the Server Virtual Network Rule. -### Parameter: `ignoreMissingVnetServiceEndpoint` +- Required: Yes +- Type: string -Allow creating a firewall rule before the virtual network has vnet service endpoint enabled. -- Required: No -- Type: bool -- Default: `False` +### Parameter: `virtualNetworkSubnetId` -### Parameter: `name` +The resource ID of the virtual network subnet. -The name of the Server Virtual Network Rule. - Required: Yes - Type: string ### Parameter: `serverName` The name of the parent SQL Server. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `virtualNetworkSubnetId` +### Parameter: `enableDefaultTelemetry` -The resource ID of the virtual network subnet. -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `ignoreMissingVnetServiceEndpoint` + +Allow creating a firewall rule before the virtual network has vnet service endpoint enabled. + +- Required: No +- Type: bool +- Default: `False` ## Outputs diff --git a/modules/sql/server/vulnerability-assessment/README.md b/modules/sql/server/vulnerability-assessment/README.md index 145b70da61..24fa7fed0b 100644 --- a/modules/sql/server/vulnerability-assessment/README.md +++ b/modules/sql/server/vulnerability-assessment/README.md @@ -42,9 +42,31 @@ This module deploys an Azure SQL Server Vulnerability Assessment. | [`recurringScansIsEnabled`](#parameter-recurringscansisenabled) | bool | Recurring scans state. | | [`useStorageAccountAccessKey`](#parameter-usestorageaccountaccesskey) | bool | Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. If an access key is not used, the SQL Server system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. | +### Parameter: `name` + +The name of the vulnerability assessment. + +- Required: Yes +- Type: string + +### Parameter: `storageAccountResourceId` + +A blob storage to hold the scan results. + +- Required: Yes +- Type: string + +### Parameter: `serverName` + +The Name of SQL Server. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `createStorageRoleAssignment` Create the Storage Blob Data Contributor role assignment on the storage account. Note, the role assignment must not already exist on the storage account. + - Required: No - Type: bool - Default: `True` @@ -52,19 +74,15 @@ Create the Storage Blob Data Contributor role assignment on the storage account. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `name` - -The name of the vulnerability assessment. -- Required: Yes -- Type: string - ### Parameter: `recurringScansEmails` Specifies an array of email addresses to which the scan notification is sent. + - Required: No - Type: array - Default: `[]` @@ -72,6 +90,7 @@ Specifies an array of email addresses to which the scan notification is sent. ### Parameter: `recurringScansEmailSubscriptionAdmins` Specifies that the schedule scan notification will be is sent to the subscription administrators. + - Required: No - Type: bool - Default: `False` @@ -79,25 +98,15 @@ Specifies that the schedule scan notification will be is sent to the subscriptio ### Parameter: `recurringScansIsEnabled` Recurring scans state. + - Required: No - Type: bool - Default: `False` -### Parameter: `serverName` - -The Name of SQL Server. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - -### Parameter: `storageAccountResourceId` - -A blob storage to hold the scan results. -- Required: Yes -- Type: string - ### Parameter: `useStorageAccountAccessKey` Use Access Key to access the storage account. The storage account cannot be behind a firewall or virtual network. If an access key is not used, the SQL Server system assigned managed identity must be assigned the Storage Blob Data Contributor role on the storage account. + - Required: No - Type: bool - Default: `False` diff --git a/modules/storage/storage-account/README.md b/modules/storage/storage-account/README.md index d6d27552a8..15e4f69073 100644 --- a/modules/storage/storage-account/README.md +++ b/modules/storage/storage-account/README.md @@ -1864,9 +1864,17 @@ module storageAccount 'br:bicep/modules/storage.storage-account:1.0.0' = { | [`tableServices`](#parameter-tableservices) | object | Table service and tables to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +Name of the Storage Account. + +- Required: Yes +- Type: string + ### Parameter: `accessTier` Required if the Storage Account kind is set to BlobStorage. The access tier is used for billing. The "Premium" access tier is the default value for premium block blobs storage account type and it cannot be changed for the premium block blobs storage account type. + - Required: No - Type: string - Default: `'Hot'` @@ -1879,9 +1887,18 @@ Required if the Storage Account kind is set to BlobStorage. The access tier is u ] ``` +### Parameter: `enableHierarchicalNamespace` + +If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `allowBlobPublicAccess` Indicates whether public access is enabled for all blobs or containers in the storage account. For security reasons, it is recommended to set it to false. + - Required: No - Type: bool - Default: `False` @@ -1889,6 +1906,7 @@ Indicates whether public access is enabled for all blobs or containers in the st ### Parameter: `allowCrossTenantReplication` Allow or disallow cross AAD tenant object replication. + - Required: No - Type: bool - Default: `True` @@ -1896,6 +1914,7 @@ Allow or disallow cross AAD tenant object replication. ### Parameter: `allowedCopyScope` Restrict copy to and from Storage Accounts within an AAD tenant or with Private Links to the same VNet. + - Required: No - Type: string - Default: `''` @@ -1911,6 +1930,7 @@ Restrict copy to and from Storage Accounts within an AAD tenant or with Private ### Parameter: `allowSharedKeyAccess` Indicates whether the storage account permits requests to be authorized with the account access key via Shared Key. If false, then all requests, including shared access signatures, must be authorized with Azure Active Directory (Azure AD). The default value is null, which is equivalent to true. + - Required: No - Type: bool - Default: `True` @@ -1918,6 +1938,7 @@ Indicates whether the storage account permits requests to be authorized with the ### Parameter: `azureFilesIdentityBasedAuthentication` Provides the identity based authentication settings for Azure Files. + - Required: No - Type: object - Default: `{}` @@ -1925,6 +1946,7 @@ Provides the identity based authentication settings for Azure Files. ### Parameter: `blobServices` Blob service and containers to deploy. + - Required: No - Type: object - Default: `{}` @@ -1932,6 +1954,7 @@ Blob service and containers to deploy. ### Parameter: `customDomainName` Sets the custom domain name assigned to the storage account. Name is the CNAME source. + - Required: No - Type: string - Default: `''` @@ -1939,6 +1962,7 @@ Sets the custom domain name assigned to the storage account. Name is the CNAME s ### Parameter: `customDomainUseSubDomainName` Indicates whether indirect CName validation is enabled. This should only be set on updates. + - Required: No - Type: bool - Default: `False` @@ -1946,41 +1970,48 @@ Indicates whether indirect CName validation is enabled. This should only be set ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string @@ -1988,6 +2019,7 @@ Optional. User assigned identity to use when fetching the customer managed key. ### Parameter: `defaultToOAuthAuthentication` A boolean flag which indicates whether the default authentication is OAuth or not. + - Required: No - Type: bool - Default: `False` @@ -1995,86 +2027,82 @@ A boolean flag which indicates whether the default authentication is OAuth or no ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -2082,6 +2110,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `dnsEndpointType` Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a large number of accounts in a single subscription, which creates accounts in an Azure DNS Zone and the endpoint URL will have an alphanumeric DNS Zone identifier. + - Required: No - Type: string - Default: `''` @@ -2097,20 +2126,15 @@ Allows you to specify the type of endpoint. Set this to AzureDNSZone to create a ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` -### Parameter: `enableHierarchicalNamespace` - -If true, enables Hierarchical Namespace for the storage account. Required if enableSftp or enableNfsV3 is set to true. - Required: No - Type: bool -- Default: `False` +- Default: `True` ### Parameter: `enableNfsV3` If true, enables NFS 3.0 support for the storage account. Requires enableHierarchicalNamespace to be true. + - Required: No - Type: bool - Default: `False` @@ -2118,6 +2142,7 @@ If true, enables NFS 3.0 support for the storage account. Requires enableHierarc ### Parameter: `enableSftp` If true, enables Secure File Transfer Protocol for the storage account. Requires enableHierarchicalNamespace to be true. + - Required: No - Type: bool - Default: `False` @@ -2125,6 +2150,7 @@ If true, enables Secure File Transfer Protocol for the storage account. Requires ### Parameter: `fileServices` File service and shares to deploy. + - Required: No - Type: object - Default: `{}` @@ -2132,6 +2158,7 @@ File service and shares to deploy. ### Parameter: `isLocalUserEnabled` Enables local users feature, if set to true. + - Required: No - Type: bool - Default: `False` @@ -2139,6 +2166,7 @@ Enables local users feature, if set to true. ### Parameter: `kind` Type of Storage Account to create. + - Required: No - Type: string - Default: `'StorageV2'` @@ -2156,6 +2184,7 @@ Type of Storage Account to create. ### Parameter: `largeFileSharesState` Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is enabled. Only supported on locally redundant and zone redundant file shares. It cannot be set on FileStorage storage accounts (storage accounts for premium file shares). + - Required: No - Type: string - Default: `'Disabled'` @@ -2170,6 +2199,7 @@ Allow large file shares if sets to 'Enabled'. It cannot be disabled once it is e ### Parameter: `localUsers` Local users to deploy for SFTP authentication. + - Required: No - Type: array - Default: `[]` @@ -2177,6 +2207,7 @@ Local users to deploy for SFTP authentication. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -2184,26 +2215,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -2211,25 +2251,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -2237,6 +2279,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managementPolicyRules` The Storage Account ManagementPolicies Rules. + - Required: No - Type: array - Default: `[]` @@ -2244,6 +2287,7 @@ The Storage Account ManagementPolicies Rules. ### Parameter: `minimumTlsVersion` Set the minimum TLS version on request to storage. + - Required: No - Type: string - Default: `'TLS1_2'` @@ -2256,15 +2300,10 @@ Set the minimum TLS version on request to storage. ] ``` -### Parameter: `name` - -Name of the Storage Account. -- Required: Yes -- Type: string - ### Parameter: `networkAcls` Networks ACLs, this value contains IPs to whitelist and/or Subnet information. For security reasons, it is recommended to set the DefaultAction Deny. + - Required: No - Type: object - Default: `{}` @@ -2272,197 +2311,247 @@ Networks ACLs, this value contains IPs to whitelist and/or Subnet information. F ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | Yes | string | Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +**Optional parameters** -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -- Required: No -- Type: array +### Parameter: `privateEndpoints.service` -### Parameter: `privateEndpoints.customDnsConfigs` +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -Optional. Custom DNS configurations. +- Required: Yes +- Type: string -- Required: No -- Type: array +### Parameter: `privateEndpoints.subnetResourceId` + +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The name of the private endpoint. +**Optional parameters** -- Required: No +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +Version of the condition. - Required: No -- Type: array +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. Array of role assignments to create. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.description` -Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Required. Resource ID of the subnet where the endpoint needs to be created. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -2470,6 +2559,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set and networkAcls are not set. + - Required: No - Type: string - Default: `''` @@ -2485,6 +2575,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `queueServices` Queue service and queues to create. + - Required: No - Type: object - Default: `{}` @@ -2492,6 +2583,7 @@ Queue service and queues to create. ### Parameter: `requireInfrastructureEncryption` A Boolean indicating whether or not the service applies a secondary layer of encryption with platform managed keys for data at rest. For security reasons, it is recommended to set it to true. + - Required: No - Type: bool - Default: `True` @@ -2499,74 +2591,96 @@ A Boolean indicating whether or not the service applies a secondary layer of enc ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sasExpirationPeriod` The SAS expiration period. DD.HH:MM:SS. + - Required: No - Type: string - Default: `''` @@ -2574,6 +2688,7 @@ The SAS expiration period. DD.HH:MM:SS. ### Parameter: `skuName` Storage Account Sku Name. + - Required: No - Type: string - Default: `'Standard_GRS'` @@ -2594,6 +2709,7 @@ Storage Account Sku Name. ### Parameter: `supportsHttpsTrafficOnly` Allows HTTPS traffic only to storage service if sets to true. + - Required: No - Type: bool - Default: `True` @@ -2601,6 +2717,7 @@ Allows HTTPS traffic only to storage service if sets to true. ### Parameter: `tableServices` Table service and tables to create. + - Required: No - Type: object - Default: `{}` @@ -2608,6 +2725,7 @@ Table service and tables to create. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/storage/storage-account/blob-service/README.md b/modules/storage/storage-account/blob-service/README.md index 6e8044ec03..34a9181734 100644 --- a/modules/storage/storage-account/blob-service/README.md +++ b/modules/storage/storage-account/blob-service/README.md @@ -50,9 +50,17 @@ This module deploys a Storage Account Blob Service. | [`restorePolicyDays`](#parameter-restorepolicydays) | int | How long this blob can be restored. It should be less than DeleteRetentionPolicy days. | | [`restorePolicyEnabled`](#parameter-restorepolicyenabled) | bool | The blob service properties for blob restore policy. If point-in-time restore is enabled, then versioning, change feed, and blob soft delete must also be enabled. | +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `automaticSnapshotPolicyEnabled` Automatic Snapshot is enabled if set to true. + - Required: No - Type: bool - Default: `False` @@ -60,6 +68,7 @@ Automatic Snapshot is enabled if set to true. ### Parameter: `changeFeedEnabled` The blob service properties for change feed events. Indicates whether change feed event logging is enabled for the Blob service. + - Required: No - Type: bool - Default: `True` @@ -67,12 +76,14 @@ The blob service properties for change feed events. Indicates whether change fee ### Parameter: `changeFeedRetentionInDays` Indicates whether change feed event logging is enabled for the Blob service. Indicates the duration of changeFeed retention in days. A "0" value indicates an infinite retention of the change feed. + - Required: No - Type: int ### Parameter: `containerDeleteRetentionPolicyAllowPermanentDelete` This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. + - Required: No - Type: bool - Default: `False` @@ -80,12 +91,14 @@ This property when set to true allows deletion of the soft deleted blob versions ### Parameter: `containerDeleteRetentionPolicyDays` Indicates the number of days that the deleted item should be retained. + - Required: No - Type: int ### Parameter: `containerDeleteRetentionPolicyEnabled` The blob service properties for container soft delete. Indicates whether DeleteRetentionPolicy is enabled. + - Required: No - Type: bool - Default: `True` @@ -93,6 +106,7 @@ The blob service properties for container soft delete. Indicates whether DeleteR ### Parameter: `containers` Blob containers to create. + - Required: No - Type: array - Default: `[]` @@ -100,6 +114,7 @@ Blob containers to create. ### Parameter: `corsRules` Specifies CORS rules for the Blob service. You can include up to five CorsRule elements in the request. If no CorsRule elements are included in the request body, all CORS rules will be deleted, and CORS will be disabled for the Blob service. + - Required: No - Type: array - Default: `[]` @@ -107,6 +122,7 @@ Specifies CORS rules for the Blob service. You can include up to five CorsRule e ### Parameter: `defaultServiceVersion` Indicates the default version to use for requests to the Blob service if an incoming request's version is not specified. Possible values include version 2008-10-27 and all more recent versions. + - Required: No - Type: string - Default: `''` @@ -114,6 +130,7 @@ Indicates the default version to use for requests to the Blob service if an inco ### Parameter: `deleteRetentionPolicyAllowPermanentDelete` This property when set to true allows deletion of the soft deleted blob versions and snapshots. This property cannot be used with blob restore policy. This property only applies to blob service and does not apply to containers or file share. + - Required: No - Type: bool - Default: `False` @@ -121,12 +138,14 @@ This property when set to true allows deletion of the soft deleted blob versions ### Parameter: `deleteRetentionPolicyDays` Indicates the number of days that the deleted blob should be retained. + - Required: No - Type: int ### Parameter: `deleteRetentionPolicyEnabled` The blob service properties for blob soft delete. + - Required: No - Type: bool - Default: `True` @@ -134,114 +153,90 @@ The blob service properties for blob soft delete. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -249,6 +244,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -256,6 +252,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `isVersioningEnabled` Use versioning to automatically maintain previous versions of your blobs. + - Required: No - Type: bool - Default: `True` @@ -263,6 +260,7 @@ Use versioning to automatically maintain previous versions of your blobs. ### Parameter: `lastAccessTimeTrackingPolicyEnabled` The blob service property to configure last access time based tracking policy. When set to true last access time based tracking is enabled. + - Required: No - Type: bool - Default: `False` @@ -270,22 +268,18 @@ The blob service property to configure last access time based tracking policy. W ### Parameter: `restorePolicyDays` How long this blob can be restored. It should be less than DeleteRetentionPolicy days. + - Required: No - Type: int ### Parameter: `restorePolicyEnabled` The blob service properties for blob restore policy. If point-in-time restore is enabled, then versioning, change feed, and blob soft delete must also be enabled. + - Required: No - Type: bool - Default: `True` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/storage/storage-account/blob-service/container/README.md b/modules/storage/storage-account/blob-service/container/README.md index 8090c24588..34149b563a 100644 --- a/modules/storage/storage-account/blob-service/container/README.md +++ b/modules/storage/storage-account/blob-service/container/README.md @@ -47,9 +47,24 @@ This module deploys a Storage Account Blob Container. | [`publicAccess`](#parameter-publicaccess) | string | Specifies whether data in the container may be accessed publicly and the level of access. | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | +### Parameter: `name` + +The name of the storage container to deploy. + +- Required: Yes +- Type: string + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `defaultEncryptionScope` Default the container to use specified encryption scope for all writes. + - Required: No - Type: string - Default: `''` @@ -57,6 +72,7 @@ Default the container to use specified encryption scope for all writes. ### Parameter: `denyEncryptionScopeOverride` Block override of encryption scope from the container default. + - Required: No - Type: bool - Default: `False` @@ -64,6 +80,7 @@ Block override of encryption scope from the container default. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -71,6 +88,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enableNfsV3AllSquash` Enable NFSv3 all squash on blob container. + - Required: No - Type: bool - Default: `False` @@ -78,6 +96,7 @@ Enable NFSv3 all squash on blob container. ### Parameter: `enableNfsV3RootSquash` Enable NFSv3 root squash on blob container. + - Required: No - Type: bool - Default: `False` @@ -85,6 +104,7 @@ Enable NFSv3 root squash on blob container. ### Parameter: `immutabilityPolicyName` Name of the immutable policy. + - Required: No - Type: string - Default: `'default'` @@ -92,6 +112,7 @@ Name of the immutable policy. ### Parameter: `immutabilityPolicyProperties` Configure immutability policy. + - Required: No - Type: object - Default: `{}` @@ -99,6 +120,7 @@ Configure immutability policy. ### Parameter: `immutableStorageWithVersioningEnabled` This is an immutable property, when set to true it enables object level immutability at the container level. The property is immutable and can only be set to true at the container creation time. Existing containers must undergo a migration process. + - Required: No - Type: bool - Default: `False` @@ -106,19 +128,15 @@ This is an immutable property, when set to true it enables object level immutabi ### Parameter: `metadata` A name-value pair to associate with the container as metadata. + - Required: No - Type: object - Default: `{}` -### Parameter: `name` - -The name of the storage container to deploy. -- Required: Yes -- Type: string - ### Parameter: `publicAccess` Specifies whether data in the container may be accessed publicly and the level of access. + - Required: No - Type: string - Default: `'None'` @@ -134,76 +152,91 @@ Specifies whether data in the container may be accessed publicly and the level o ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `storageAccountName` +### Parameter: `roleAssignments.principalType` -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ## Outputs diff --git a/modules/storage/storage-account/blob-service/container/immutability-policy/README.md b/modules/storage/storage-account/blob-service/container/immutability-policy/README.md index 119022a4e9..074aec61c7 100644 --- a/modules/storage/storage-account/blob-service/container/immutability-policy/README.md +++ b/modules/storage/storage-account/blob-service/container/immutability-policy/README.md @@ -33,9 +33,24 @@ This module deploys a Storage Account Blob Container Immutability Policy. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`immutabilityPeriodSinceCreationInDays`](#parameter-immutabilityperiodsincecreationindays) | int | The immutability period for the blobs in the container since the policy creation, in days. | +### Parameter: `containerName` + +The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `allowProtectedAppendWrites` This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to an append blob while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. + - Required: No - Type: bool - Default: `True` @@ -43,19 +58,15 @@ This property can only be changed for unlocked time-based retention policies. Wh ### Parameter: `allowProtectedAppendWritesAll` This property can only be changed for unlocked time-based retention policies. When enabled, new blocks can be written to both "Append and Block Blobs" while maintaining immutability protection and compliance. Only new blocks can be added and any existing blocks cannot be modified or deleted. This property cannot be changed with ExtendImmutabilityPolicy API. The "allowProtectedAppendWrites" and "allowProtectedAppendWritesAll" properties are mutually exclusive. + - Required: No - Type: bool - Default: `True` -### Parameter: `containerName` - -The name of the parent container to apply the policy to. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -63,16 +74,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `immutabilityPeriodSinceCreationInDays` The immutability period for the blobs in the container since the policy creation, in days. + - Required: No - Type: int - Default: `365` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/storage/storage-account/file-service/README.md b/modules/storage/storage-account/file-service/README.md index 115e31eaf4..1bef3a67d8 100644 --- a/modules/storage/storage-account/file-service/README.md +++ b/modules/storage/storage-account/file-service/README.md @@ -37,117 +37,100 @@ This module deploys a Storage Account File Share Service. | [`shareDeleteRetentionPolicy`](#parameter-sharedeleteretentionpolicy) | object | The service properties for soft delete. | | [`shares`](#parameter-shares) | array | File shares to create. | +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -155,6 +138,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -162,6 +146,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `name` The name of the file service. + - Required: No - Type: string - Default: `'default'` @@ -169,6 +154,7 @@ The name of the file service. ### Parameter: `protocolSettings` Protocol settings for file service. + - Required: No - Type: object - Default: `{}` @@ -176,6 +162,7 @@ Protocol settings for file service. ### Parameter: `shareDeleteRetentionPolicy` The service properties for soft delete. + - Required: No - Type: object - Default: @@ -189,16 +176,11 @@ The service properties for soft delete. ### Parameter: `shares` File shares to create. + - Required: No - Type: array - Default: `[]` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/storage/storage-account/file-service/share/README.md b/modules/storage/storage-account/file-service/share/README.md index 5be390f912..ae421797c0 100644 --- a/modules/storage/storage-account/file-service/share/README.md +++ b/modules/storage/storage-account/file-service/share/README.md @@ -42,9 +42,17 @@ This module deploys a Storage Account File Share. | [`rootSquash`](#parameter-rootsquash) | string | Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. | | [`shareQuota`](#parameter-sharequota) | int | The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB). | +### Parameter: `name` + +The name of the file share to create. + +- Required: Yes +- Type: string + ### Parameter: `accessTier` Access tier for specific share. Required if the Storage Account kind is set to FileStorage (should be set to "Premium"). GpV2 account can choose between TransactionOptimized (default), Hot, and Cool. + - Required: No - Type: string - Default: `'TransactionOptimized'` @@ -58,9 +66,25 @@ Access tier for specific share. Required if the Storage Account kind is set to F ] ``` +### Parameter: `fileServicesName` + +The name of the parent file service. Required if the template is used in a standalone deployment. + +- Required: No +- Type: string +- Default: `'default'` + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -68,6 +92,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enabledProtocols` The authentication protocol that is used for the file share. Can only be specified when creating a share. + - Required: No - Type: string - Default: `'SMB'` @@ -79,90 +104,99 @@ The authentication protocol that is used for the file share. Can only be specifi ] ``` -### Parameter: `fileServicesName` +### Parameter: `roleAssignments` + +Array of role assignments to create. -The name of the parent file service. Required if the template is used in a standalone deployment. - Required: No -- Type: string -- Default: `'default'` +- Type: array -### Parameter: `name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. -The name of the file share to create. - Required: Yes - Type: string -### Parameter: `roleAssignments` - -Array of role assignments to create. -- Required: No -- Type: array +### Parameter: `roleAssignments.roleDefinitionIdOrName` +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +- Required: Yes +- Type: string ### Parameter: `roleAssignments.condition` -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string ### Parameter: `roleAssignments.conditionVersion` -Optional. Version of the condition. +Version of the condition. - Required: No - Type: string -- Allowed: `[2.0]` +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` ### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The Resource Id of the delegated managed identity resource. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string ### Parameter: `roleAssignments.description` -Optional. The description of the role assignment. +The description of the role assignment. - Required: No - Type: string -### Parameter: `roleAssignments.principalId` - -Required. The principal ID of the principal (user/group/identity) to assign the role to. - -- Required: Yes -- Type: string - ### Parameter: `roleAssignments.principalType` -Optional. The principal type of the assigned principal ID. +The principal type of the assigned principal ID. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` - -### Parameter: `roleAssignments.roleDefinitionIdOrName` - -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. - -- Required: Yes -- Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `rootSquash` Permissions for NFS file shares are enforced by the client OS rather than the Azure Files service. Toggling the root squash behavior reduces the rights of the root user for NFS shares. + - Required: No - Type: string - Default: `'NoRootSquash'` @@ -178,16 +212,11 @@ Permissions for NFS file shares are enforced by the client OS rather than the Az ### Parameter: `shareQuota` The maximum size of the share, in gigabytes. Must be greater than 0, and less than or equal to 5120 (5TB). For Large File Shares, the maximum size is 102400 (100TB). + - Required: No - Type: int - Default: `5120` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/storage/storage-account/local-user/README.md b/modules/storage/storage-account/local-user/README.md index 9f2197327d..f6ddd9aa7a 100644 --- a/modules/storage/storage-account/local-user/README.md +++ b/modules/storage/storage-account/local-user/README.md @@ -41,64 +41,73 @@ This module deploys a Storage Account Local User, which is used for SFTP authent | [`homeDirectory`](#parameter-homedirectory) | string | The local user home directory. | | [`sshAuthorizedKeys`](#parameter-sshauthorizedkeys) | array | The local user SSH authorized keys for SFTP. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - -### Parameter: `hasSharedKey` - -Indicates whether shared key exists. Set it to false to remove existing shared key. -- Required: No -- Type: bool -- Default: `False` - ### Parameter: `hasSshKey` Indicates whether SSH key exists. Set it to false to remove existing SSH key. + - Required: Yes - Type: bool ### Parameter: `hasSshPassword` Indicates whether SSH password exists. Set it to false to remove existing SSH password. + - Required: Yes - Type: bool -### Parameter: `homeDirectory` - -The local user home directory. -- Required: No -- Type: string -- Default: `''` - ### Parameter: `name` The name of the local user used for SFTP Authentication. + - Required: Yes - Type: string ### Parameter: `permissionScopes` The permission scopes of the local user. + - Required: Yes - Type: array +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `hasSharedKey` + +Indicates whether shared key exists. Set it to false to remove existing shared key. + +- Required: No +- Type: bool +- Default: `False` + +### Parameter: `homeDirectory` + +The local user home directory. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `sshAuthorizedKeys` The local user SSH authorized keys for SFTP. + - Required: No - Type: array - Default: `[]` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/storage/storage-account/management-policy/README.md b/modules/storage/storage-account/management-policy/README.md index 278fea96ea..1a8c25c5d1 100644 --- a/modules/storage/storage-account/management-policy/README.md +++ b/modules/storage/storage-account/management-policy/README.md @@ -35,25 +35,28 @@ This module deploys a Storage Account Management Policy. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `rules` The Storage Account ManagementPolicies Rules. + - Required: Yes - Type: array ### Parameter: `storageAccountName` The name of the parent Storage Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/storage/storage-account/queue-service/README.md b/modules/storage/storage-account/queue-service/README.md index 7543d85557..7971dff96e 100644 --- a/modules/storage/storage-account/queue-service/README.md +++ b/modules/storage/storage-account/queue-service/README.md @@ -34,117 +34,100 @@ This module deploys a Storage Account Queue Service. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`queues`](#parameter-queues) | array | Queues to create. | +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -152,6 +135,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -159,16 +143,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `queues` Queues to create. + - Required: No - Type: array - Default: `[]` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/storage/storage-account/queue-service/queue/README.md b/modules/storage/storage-account/queue-service/queue/README.md index 5932d7872e..2d25dd1845 100644 --- a/modules/storage/storage-account/queue-service/queue/README.md +++ b/modules/storage/storage-account/queue-service/queue/README.md @@ -38,16 +38,10 @@ This module deploys a Storage Account Queue. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `metadata` A name-value pair that represents queue metadata. + - Required: No - Type: object - Default: `{}` @@ -55,82 +49,113 @@ A name-value pair that represents queue metadata. ### Parameter: `name` The name of the storage queue to deploy. + +- Required: Yes +- Type: string + +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `storageAccountName` +### Parameter: `roleAssignments.principalType` -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ## Outputs diff --git a/modules/storage/storage-account/table-service/README.md b/modules/storage/storage-account/table-service/README.md index 87435b1319..17526658f2 100644 --- a/modules/storage/storage-account/table-service/README.md +++ b/modules/storage/storage-account/table-service/README.md @@ -33,117 +33,100 @@ This module deploys a Storage Account Table Service. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`tables`](#parameter-tables) | array | tables to create. | +### Parameter: `storageAccountName` + +The name of the parent Storage Account. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -151,19 +134,15 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `storageAccountName` - -The name of the parent Storage Account. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `tables` tables to create. + - Required: No - Type: array - Default: `[]` diff --git a/modules/storage/storage-account/table-service/table/README.md b/modules/storage/storage-account/table-service/table/README.md index 4d8bb2da13..797f1baa2a 100644 --- a/modules/storage/storage-account/table-service/table/README.md +++ b/modules/storage/storage-account/table-service/table/README.md @@ -35,25 +35,28 @@ This module deploys a Storage Account Table. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` Name of the table. + - Required: Yes - Type: string ### Parameter: `storageAccountName` The name of the parent Storage Account. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/synapse/private-link-hub/README.md b/modules/synapse/private-link-hub/README.md index 7b95540281..1cc54fa4b1 100644 --- a/modules/synapse/private-link-hub/README.md +++ b/modules/synapse/private-link-hub/README.md @@ -352,9 +352,17 @@ module privateLinkHub 'br:bicep/modules/synapse.private-link-hub:1.0.0' = { | [`roleAssignments`](#parameter-roleassignments) | array | Array of role assignments to create. | | [`tags`](#parameter-tags) | object | Tags of the resource. | +### Parameter: `name` + +The name of the Private Link Hub. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -362,6 +370,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` The geo-location where the resource lives. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -369,230 +378,283 @@ The geo-location where the resource lives. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -The name of the Private Link Hub. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | Yes | string | Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +**Optional parameters** -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -- Required: No -- Type: array +### Parameter: `privateEndpoints.service` -### Parameter: `privateEndpoints.customDnsConfigs` +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -Optional. Custom DNS configurations. +- Required: Yes +- Type: string -- Required: No -- Type: array +### Parameter: `privateEndpoints.subnetResourceId` -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +Resource ID of the subnet where the endpoint needs to be created. -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +- Required: Yes +- Type: string -Required. Fqdn that resolves to private endpoint ip address. +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` + +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array + +### Parameter: `privateEndpoints.name` +The name of the private endpoint. +- Required: No +- Type: string -### Parameter: `privateEndpoints.location` +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -- Required: No +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +Version of the condition. - Required: No -- Type: array +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. Array of role assignments to create. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.description` -Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Required. Resource ID of the subnet where the endpoint needs to be created. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -600,74 +662,96 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object diff --git a/modules/synapse/workspace/README.md b/modules/synapse/workspace/README.md index 0573d4ba92..2b9461cd16 100644 --- a/modules/synapse/workspace/README.md +++ b/modules/synapse/workspace/README.md @@ -732,9 +732,38 @@ module workspace 'br:bicep/modules/synapse.workspace:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`workspaceRepositoryConfiguration`](#parameter-workspacerepositoryconfiguration) | object | Git integration settings. | +### Parameter: `defaultDataLakeStorageAccountResourceId` + +Resource ID of the default ADLS Gen2 storage account. + +- Required: Yes +- Type: string + +### Parameter: `defaultDataLakeStorageFilesystem` + +The default ADLS Gen2 file system. + +- Required: Yes +- Type: string + +### Parameter: `name` + +The name of the Synapse Workspace. + +- Required: Yes +- Type: string + +### Parameter: `sqlAdministratorLogin` + +Login for administrator access to the workspace's SQL pools. + +- Required: Yes +- Type: string + ### Parameter: `allowedAadTenantIdsForLinking` Allowed AAD Tenant IDs For Linking. + - Required: No - Type: array - Default: `[]` @@ -742,6 +771,7 @@ Allowed AAD Tenant IDs For Linking. ### Parameter: `azureADOnlyAuthentication` Enable or Disable AzureADOnlyAuthentication on All Workspace sub-resource. + - Required: No - Type: bool - Default: `False` @@ -749,155 +779,139 @@ Enable or Disable AzureADOnlyAuthentication on All Workspace sub-resource. ### Parameter: `customerManagedKey` The customer managed key definition. + - Required: No - Type: object +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`keyName`](#parameter-customermanagedkeykeyname) | Yes | string | Required. The name of the customer managed key to use for encryption. | -| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | Yes | string | Required. The resource ID of a key vault to reference a customer managed key for encryption from. | -| [`keyVersion`](#parameter-customermanagedkeykeyversion) | No | string | Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | -| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | No | string | Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyName`](#parameter-customermanagedkeykeyname) | string | The name of the customer managed key to use for encryption. | +| [`keyVaultResourceId`](#parameter-customermanagedkeykeyvaultresourceid) | string | The resource ID of a key vault to reference a customer managed key for encryption from. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`keyVersion`](#parameter-customermanagedkeykeyversion) | string | The version of the customer managed key to reference for encryption. If not provided, using 'latest'. | +| [`userAssignedIdentityResourceId`](#parameter-customermanagedkeyuserassignedidentityresourceid) | string | User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. | ### Parameter: `customerManagedKey.keyName` -Required. The name of the customer managed key to use for encryption. +The name of the customer managed key to use for encryption. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVaultResourceId` -Required. The resource ID of a key vault to reference a customer managed key for encryption from. +The resource ID of a key vault to reference a customer managed key for encryption from. - Required: Yes - Type: string ### Parameter: `customerManagedKey.keyVersion` -Optional. The version of the customer managed key to reference for encryption. If not provided, using 'latest'. +The version of the customer managed key to reference for encryption. If not provided, using 'latest'. - Required: No - Type: string ### Parameter: `customerManagedKey.userAssignedIdentityResourceId` -Optional. User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. +User assigned identity to use when fetching the customer managed key. Required if no system assigned identity is available for use. - Required: No - Type: string -### Parameter: `defaultDataLakeStorageAccountResourceId` - -Resource ID of the default ADLS Gen2 storage account. -- Required: Yes -- Type: string - ### Parameter: `defaultDataLakeStorageCreateManagedPrivateEndpoint` Create managed private endpoint to the default storage account or not. If Yes is selected, a managed private endpoint connection request is sent to the workspace's primary Data Lake Storage Gen2 account for Spark pools to access data. This must be approved by an owner of the storage account. + - Required: No - Type: bool - Default: `False` -### Parameter: `defaultDataLakeStorageFilesystem` - -The default ADLS Gen2 file system. -- Required: Yes -- Type: string - ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -905,6 +919,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -912,6 +927,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `encryptionActivateWorkspace` Activate workspace by adding the system managed identity in the KeyVault containing the customer managed key and activating the workspace. + - Required: No - Type: bool - Default: `False` @@ -919,6 +935,7 @@ Activate workspace by adding the system managed identity in the KeyVault contain ### Parameter: `initialWorkspaceAdminObjectID` AAD object ID of initial workspace admin. + - Required: No - Type: string - Default: `''` @@ -926,6 +943,7 @@ AAD object ID of initial workspace admin. ### Parameter: `integrationRuntimes` The Integration Runtimes to create. + - Required: No - Type: array - Default: `[]` @@ -933,6 +951,7 @@ The Integration Runtimes to create. ### Parameter: `linkedAccessCheckOnTargetResource` Linked Access Check On Target Resource. + - Required: No - Type: bool - Default: `False` @@ -940,6 +959,7 @@ Linked Access Check On Target Resource. ### Parameter: `location` The geo-location where the resource lives. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -947,26 +967,35 @@ The geo-location where the resource lives. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -974,17 +1003,19 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | Yes | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: Yes - Type: array @@ -992,6 +1023,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `managedResourceGroupName` Workspace managed resource group. The resource group name uniquely identifies the resource group within the user subscriptionId. The resource group name must be no longer than 90 characters long, and must be alphanumeric characters (Char.IsLetterOrDigit()) and '-', '_', '(', ')' and'.'. Note that the name cannot end with '.'. + - Required: No - Type: string - Default: `''` @@ -999,19 +1031,15 @@ Workspace managed resource group. The resource group name uniquely identifies th ### Parameter: `managedVirtualNetwork` Enable this to ensure that connection from your workspace to your data sources use Azure Private Links. You can create managed private endpoints to your data sources. + - Required: No - Type: bool - Default: `False` -### Parameter: `name` - -The name of the Synapse Workspace. -- Required: Yes -- Type: string - ### Parameter: `preventDataExfiltration` Prevent Data Exfiltration. + - Required: No - Type: bool - Default: `False` @@ -1019,197 +1047,247 @@ Prevent Data Exfiltration. ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | Yes | string | Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` +**Optional parameters** -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -- Required: No -- Type: array +### Parameter: `privateEndpoints.service` -### Parameter: `privateEndpoints.customDnsConfigs` +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". + +- Required: Yes +- Type: string -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string + +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** -Optional. The name of the private endpoint. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -- Required: No +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +Version of the condition. - Required: No -- Type: array +- Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. Array of role assignments to create. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.description` -Required. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Required. Resource ID of the subnet where the endpoint needs to be created. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1217,6 +1295,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Enable or Disable public network access to workspace. + - Required: No - Type: string - Default: `'Enabled'` @@ -1231,6 +1310,7 @@ Enable or Disable public network access to workspace. ### Parameter: `purviewResourceID` Purview Resource ID. + - Required: No - Type: string - Default: `''` @@ -1238,80 +1318,96 @@ Purview Resource ID. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `sqlAdministratorLogin` +### Parameter: `roleAssignments.principalType` -Login for administrator access to the workspace's SQL pools. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sqlAdministratorLoginPassword` Password for administrator access to the workspace's SQL pools. If you don't provide a password, one will be automatically generated. You can change the password later. + - Required: No - Type: string - Default: `''` @@ -1319,12 +1415,14 @@ Password for administrator access to the workspace's SQL pools. If you don't pro ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `workspaceRepositoryConfiguration` Git integration settings. + - Required: No - Type: object - Default: `{}` diff --git a/modules/synapse/workspace/integration-runtime/README.md b/modules/synapse/workspace/integration-runtime/README.md index 11fb0c65fe..20c5510bc2 100644 --- a/modules/synapse/workspace/integration-runtime/README.md +++ b/modules/synapse/workspace/integration-runtime/README.md @@ -37,22 +37,17 @@ This module deploys a Synapse Workspace Integration Runtime. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `name` The name of the Integration Runtime. + - Required: Yes - Type: string ### Parameter: `type` The type of Integration Runtime. + - Required: Yes - Type: string - Allowed: @@ -66,6 +61,7 @@ The type of Integration Runtime. ### Parameter: `typeProperties` Integration Runtime type properties. Required if type is "Managed". + - Required: No - Type: object - Default: `{}` @@ -73,9 +69,18 @@ Integration Runtime type properties. Required if type is "Managed". ### Parameter: `workspaceName` The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/synapse/workspace/key/README.md b/modules/synapse/workspace/key/README.md index 2221af30c0..667aefb54b 100644 --- a/modules/synapse/workspace/key/README.md +++ b/modules/synapse/workspace/key/README.md @@ -38,44 +38,50 @@ This module deploys a Synapse Workspaces Key. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | The geo-location where the resource lives. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `isActiveCMK` Used to activate the workspace after a customer managed key is provided. + - Required: Yes - Type: bool ### Parameter: `keyVaultResourceId` The resource ID of a key vault to reference a customer managed key for encryption from. -- Required: Yes -- Type: string - -### Parameter: `location` -The geo-location where the resource lives. -- Required: No +- Required: Yes - Type: string -- Default: `[resourceGroup().location]` ### Parameter: `name` Encryption key name. + - Required: Yes - Type: string ### Parameter: `workspaceName` The name of the parent Synapse Workspace. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +The geo-location where the resource lives. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + ## Outputs diff --git a/modules/virtual-machine-images/image-template/README.md b/modules/virtual-machine-images/image-template/README.md index 94be45115b..658d35329c 100644 --- a/modules/virtual-machine-images/image-template/README.md +++ b/modules/virtual-machine-images/image-template/README.md @@ -511,29 +511,46 @@ module imageTemplate 'br:bicep/modules/virtual-machine-images.image-template:1.0 | :-- | :-- | :-- | | [`baseTime`](#parameter-basetime) | string | Do not provide a value! This date value is used to generate a unique image template name. | -### Parameter: `baseTime` +### Parameter: `customizationSteps` -Do not provide a value! This date value is used to generate a unique image template name. -- Required: No +Customization steps to be run when building the VM image. + +- Required: Yes +- Type: array + +### Parameter: `imageSource` + +Image source definition in object format. + +- Required: Yes +- Type: object + +### Parameter: `name` + +Name prefix of the Image Template to be built by the Azure Image Builder service. + +- Required: Yes +- Type: string + +### Parameter: `userMsiName` + +Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder. + +- Required: Yes - Type: string -- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]` ### Parameter: `buildTimeoutInMinutes` Image build timeout in minutes. Allowed values: 0-960. 0 means the default 240 minutes. + - Required: No - Type: int - Default: `0` -### Parameter: `customizationSteps` - -Customization steps to be run when building the VM image. -- Required: Yes -- Type: array - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -541,6 +558,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `excludeFromLatest` Exclude the created Azure Compute Gallery image version from the latest. + - Required: No - Type: bool - Default: `False` @@ -548,19 +566,15 @@ Exclude the created Azure Compute Gallery image version from the latest. ### Parameter: `imageReplicationRegions` List of the regions the image produced by this solution should be stored in the Shared Image Gallery. When left empty, the deployment's location will be taken as a default value. + - Required: No - Type: array - Default: `[]` -### Parameter: `imageSource` - -Image source definition in object format. -- Required: Yes -- Type: object - ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -568,26 +582,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -595,19 +618,15 @@ Optional. Specify the name of lock. ### Parameter: `managedImageName` Name of the managed image that will be created in the AIB resourcegroup. + - Required: No - Type: string - Default: `''` -### Parameter: `name` - -Name prefix of the Image Template to be built by the Azure Image Builder service. -- Required: Yes -- Type: string - ### Parameter: `osDiskSizeGB` Specifies the size of OS disk. + - Required: No - Type: int - Default: `128` @@ -615,74 +634,96 @@ Specifies the size of OS disk. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sigImageDefinitionId` Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Compute/galleries//images/. + - Required: No - Type: string - Default: `''` @@ -690,6 +731,7 @@ Resource ID of Shared Image Gallery to distribute image to, e.g.: /subscriptions ### Parameter: `sigImageVersion` Version of the Shared Image Gallery Image. Supports the following Version Syntax: Major.Minor.Build (i.e., '1.1.1' or '10.1.2'). + - Required: No - Type: string - Default: `''` @@ -697,6 +739,7 @@ Version of the Shared Image Gallery Image. Supports the following Version Syntax ### Parameter: `stagingResourceGroup` Resource ID of the staging resource group in the same subscription and location as the image template that will be used to build the image.

If this field is empty, a resource group with a random name will be created.

If the resource group specified in this field doesn't exist, it will be created with the same name.

If the resource group specified exists, it must be empty and in the same region as the image template.

The resource group created will be deleted during template deletion if this field is empty or the resource group specified doesn't exist,

but if the resource group specified exists the resources created in the resource group will be deleted during template deletion and the resource group itself will remain. + - Required: No - Type: string - Default: `''` @@ -704,6 +747,7 @@ Resource ID of the staging resource group in the same subscription and location ### Parameter: `storageAccountType` Storage account type to be used to store the image in the Azure Compute Gallery. + - Required: No - Type: string - Default: `'Standard_LRS'` @@ -718,6 +762,7 @@ Storage account type to be used to store the image in the Azure Compute Gallery. ### Parameter: `subnetId` Resource ID of an already existing subnet, e.g.: /subscriptions//resourceGroups//providers/Microsoft.Network/virtualNetworks//subnets/.

If no value is provided, a new temporary VNET and subnet will be created in the staging resource group and will be deleted along with the remaining temporary resources. + - Required: No - Type: string - Default: `''` @@ -725,12 +770,14 @@ Resource ID of an already existing subnet, e.g.: /subscriptions/ ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `unManagedImageName` Name of the unmanaged image that will be created in the AIB resourcegroup. + - Required: No - Type: string - Default: `''` @@ -738,19 +785,15 @@ Name of the unmanaged image that will be created in the AIB resourcegroup. ### Parameter: `userAssignedIdentities` List of User-Assigned Identities associated to the Build VM for accessing Azure resources such as Key Vaults from your customizer scripts.

Be aware, the user assigned identity specified in the 'userMsiName' parameter must have the 'Managed Identity Operator' role assignment on all the user assigned identities specified in this parameter for Azure Image Builder to be able to associate them to the build VM. + - Required: No - Type: array - Default: `[]` -### Parameter: `userMsiName` - -Name of the User Assigned Identity to be used to deploy Image Templates in Azure Image Builder. -- Required: Yes -- Type: string - ### Parameter: `userMsiResourceGroup` Resource group of the user assigned identity. + - Required: No - Type: string - Default: `[resourceGroup().name]` @@ -758,10 +801,19 @@ Resource group of the user assigned identity. ### Parameter: `vmSize` Specifies the size for the VM. + - Required: No - Type: string - Default: `'Standard_D2s_v3'` +### Parameter: `baseTime` + +Do not provide a value! This date value is used to generate a unique image template name. + +- Required: No +- Type: string +- Default: `[utcNow('yyyy-MM-dd-HH-mm-ss')]` + ## Outputs diff --git a/modules/web/connection/README.md b/modules/web/connection/README.md index e05f020df9..5e0ce6d95d 100644 --- a/modules/web/connection/README.md +++ b/modules/web/connection/README.md @@ -255,9 +255,24 @@ module connection 'br:bicep/modules/web.connection:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`testLinks`](#parameter-testlinks) | array | Links to test the API connection. | +### Parameter: `displayName` + +Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. + +- Required: Yes +- Type: string + +### Parameter: `name` + +Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. + +- Required: Yes +- Type: string + ### Parameter: `api` Specific values for some API connections. + - Required: No - Type: object - Default: `{}` @@ -265,19 +280,15 @@ Specific values for some API connections. ### Parameter: `customParameterValues` Customized parameter values for specific connections. + - Required: No - Type: object - Default: `{}` -### Parameter: `displayName` - -Display name connection. Example: 'blobconnection' when using blobs. It can change depending on the resource. -- Required: Yes -- Type: string - ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -285,6 +296,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location of the deployment. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -292,39 +304,43 @@ Location of the deployment. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string -### Parameter: `name` - -Connection name for connection. Example: 'azureblob' when using blobs. It can change depending on the resource. -- Required: Yes -- Type: string - ### Parameter: `nonSecretParameterValues` Dictionary of nonsecret parameter values. + - Required: No - Type: object - Default: `{}` @@ -332,6 +348,7 @@ Dictionary of nonsecret parameter values. ### Parameter: `parameterValues` Connection strings or access keys for connection. Example: 'accountName' and 'accessKey' when using blobs. It can change depending on the resource. + - Required: No - Type: secureObject - Default: `{}` @@ -339,74 +356,96 @@ Connection strings or access keys for connection. Example: 'accountName' and 'ac ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +### Parameter: `roleAssignments.principalId` -- Required: No +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `statuses` Status of the connection. + - Required: No - Type: array - Default: `[]` @@ -414,12 +453,14 @@ Status of the connection. ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `testLinks` Links to test the API connection. + - Required: No - Type: array - Default: `[]` diff --git a/modules/web/hosting-environment/README.md b/modules/web/hosting-environment/README.md index 1f8855f1a6..cd84a536b0 100644 --- a/modules/web/hosting-environment/README.md +++ b/modules/web/hosting-environment/README.md @@ -442,9 +442,40 @@ module hostingEnvironment 'br:bicep/modules/web.hosting-environment:1.0.0' = { | [`userWhitelistedIpRanges`](#parameter-userwhitelistedipranges) | array | User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. | +### Parameter: `name` + +Name of the App Service Environment. + +- Required: Yes +- Type: string + +### Parameter: `subnetResourceId` + +ResourceId for the subnet. + +- Required: Yes +- Type: string + +### Parameter: `customDnsSuffixCertificateUrl` + +The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. + +- Required: No +- Type: string +- Default: `''` + +### Parameter: `customDnsSuffixKeyVaultReferenceIdentity` + +The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `allowNewPrivateEndpointConnections` Property to enable and disable new private endpoint connection creation on ASE. Ignored when kind is set to ASEv2. + - Required: No - Type: bool - Default: `False` @@ -452,6 +483,7 @@ Property to enable and disable new private endpoint connection creation on ASE. ### Parameter: `clusterSettings` Custom settings for changing the behavior of the App Service Environment. + - Required: No - Type: array - Default: @@ -467,20 +499,7 @@ Custom settings for changing the behavior of the App Service Environment. ### Parameter: `customDnsSuffix` Enable the default custom domain suffix to use for all sites deployed on the ASE. If provided, then customDnsSuffixCertificateUrl and customDnsSuffixKeyVaultReferenceIdentity are required. Cannot be used when kind is set to ASEv2. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `customDnsSuffixCertificateUrl` -The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. -- Required: No -- Type: string -- Default: `''` - -### Parameter: `customDnsSuffixKeyVaultReferenceIdentity` - -The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. Required if customDnsSuffix is not empty. Cannot be used when kind is set to ASEv2. - Required: No - Type: string - Default: `''` @@ -488,6 +507,7 @@ The user-assigned identity to use for resolving the key vault certificate refere ### Parameter: `dedicatedHostCount` The Dedicated Host Count. If `zoneRedundant` is false, and you want physical hardware isolation enabled, set to 2. Otherwise 0. Cannot be used when kind is set to ASEv2. + - Required: No - Type: int - Default: `0` @@ -495,94 +515,82 @@ The Dedicated Host Count. If `zoneRedundant` is false, and you want physical har ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -590,6 +598,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `dnsSuffix` DNS suffix of the App Service Environment. + - Required: No - Type: string - Default: `''` @@ -597,6 +606,7 @@ DNS suffix of the App Service Environment. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -604,6 +614,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `frontEndScaleFactor` Scale factor for frontends. + - Required: No - Type: int - Default: `15` @@ -611,6 +622,7 @@ Scale factor for frontends. ### Parameter: `ftpEnabled` Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. + - Required: No - Type: bool - Default: `False` @@ -618,6 +630,7 @@ Property to enable and disable FTP on ASEV3. Ignored when kind is set to ASEv2. ### Parameter: `inboundIpAddressOverride` Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored when kind is set to ASEv2. + - Required: No - Type: string - Default: `''` @@ -625,6 +638,7 @@ Customer provided Inbound IP Address. Only able to be set on Ase create. Ignored ### Parameter: `internalLoadBalancingMode` Specifies which endpoints to serve internally in the Virtual Network for the App Service Environment. - None, Web, Publishing, Web,Publishing. "None" Exposes the ASE-hosted apps on an internet-accessible IP address. + - Required: No - Type: string - Default: `'None'` @@ -641,6 +655,7 @@ Specifies which endpoints to serve internally in the Virtual Network for the App ### Parameter: `ipsslAddressCount` Number of IP SSL addresses reserved for the App Service Environment. Cannot be used when kind is set to ASEv3. + - Required: No - Type: int - Default: `0` @@ -648,6 +663,7 @@ Number of IP SSL addresses reserved for the App Service Environment. Cannot be u ### Parameter: `kind` Kind of resource. + - Required: No - Type: string - Default: `'ASEv3'` @@ -662,6 +678,7 @@ Kind of resource. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -669,26 +686,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -696,25 +722,27 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array @@ -722,6 +750,7 @@ Optional. The resource ID(s) to assign to the resource. ### Parameter: `multiSize` Frontend VM size. Cannot be used when kind is set to ASEv3. + - Required: No - Type: string - Default: `''` @@ -742,15 +771,10 @@ Frontend VM size. Cannot be used when kind is set to ASEv3. ] ``` -### Parameter: `name` - -Name of the App Service Environment. -- Required: Yes -- Type: string - ### Parameter: `remoteDebugEnabled` Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set to ASEv2. + - Required: No - Type: bool - Default: `False` @@ -758,86 +782,103 @@ Property to enable and disable Remote Debug on ASEv3. Ignored when kind is set t ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | - -### Parameter: `roleAssignments.condition` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +**Optional parameters** -- Required: No -- Type: string +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.principalId` -Optional. Version of the condition. +The principal ID of the principal (user/group/identity) to assign the role to. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. The Resource Id of the delegated managed identity resource. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.condition` -Optional. The description of the role assignment. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.conditionVersion` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +Version of the condition. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Optional. The principal type of the assigned principal ID. +The Resource Id of the delegated managed identity resource. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.description` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The description of the role assignment. -- Required: Yes +- Required: No - Type: string -### Parameter: `subnetResourceId` +### Parameter: `roleAssignments.principalType` -ResourceId for the subnet. -- Required: Yes +The principal type of the assigned principal ID. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Resource tags. + - Required: No - Type: object ### Parameter: `upgradePreference` Specify preference for when and how the planned maintenance is applied. + - Required: No - Type: string - Default: `'None'` @@ -854,6 +895,7 @@ Specify preference for when and how the planned maintenance is applied. ### Parameter: `userWhitelistedIpRanges` User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. + - Required: No - Type: array - Default: `[]` @@ -861,6 +903,7 @@ User added IP ranges to whitelist on ASE DB. Cannot be used with 'kind' `ASEv3`. ### Parameter: `zoneRedundant` Switch to make the App Service Environment zone redundant. If enabled, the minimum App Service plan instance count will be three, otherwise 1. If enabled, the `dedicatedHostCount` must be set to `-1`. + - Required: No - Type: bool - Default: `False` diff --git a/modules/web/hosting-environment/configuration--customdnssuffix/README.md b/modules/web/hosting-environment/configuration--customdnssuffix/README.md index cc00a5bf05..38b2d7b578 100644 --- a/modules/web/hosting-environment/configuration--customdnssuffix/README.md +++ b/modules/web/hosting-environment/configuration--customdnssuffix/README.md @@ -40,33 +40,38 @@ This module deploys a Hosting Environment Custom DNS Suffix Configuration. ### Parameter: `certificateUrl` The URL referencing the Azure Key Vault certificate secret that should be used as the default SSL/TLS certificate for sites with the custom domain suffix. + - Required: Yes - Type: string ### Parameter: `dnsSuffix` Enable the default custom domain suffix to use for all sites deployed on the ASE. + - Required: Yes - Type: string -### Parameter: `enableDefaultTelemetry` +### Parameter: `keyVaultReferenceIdentity` -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` +The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. + +- Required: Yes +- Type: string ### Parameter: `hostingEnvironmentName` The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string -### Parameter: `keyVaultReferenceIdentity` +### Parameter: `enableDefaultTelemetry` -The user-assigned identity to use for resolving the key vault certificate reference. If not specified, the system-assigned ASE identity will be used if available. -- Required: Yes -- Type: string +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` ## Outputs diff --git a/modules/web/hosting-environment/configuration--networking/README.md b/modules/web/hosting-environment/configuration--networking/README.md index 9fb9176940..8b361c64f8 100644 --- a/modules/web/hosting-environment/configuration--networking/README.md +++ b/modules/web/hosting-environment/configuration--networking/README.md @@ -33,9 +33,17 @@ This module deploys a Hosting Environment Network Configuration. | [`inboundIpAddressOverride`](#parameter-inboundipaddressoverride) | string | Customer provided Inbound IP Address. Only able to be set on Ase create. | | [`remoteDebugEnabled`](#parameter-remotedebugenabled) | bool | Property to enable and disable Remote Debug on ASEv3. | +### Parameter: `hostingEnvironmentName` + +The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `allowNewPrivateEndpointConnections` Property to enable and disable new private endpoint connection creation on ASE. + - Required: No - Type: bool - Default: `False` @@ -43,6 +51,7 @@ Property to enable and disable new private endpoint connection creation on ASE. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -50,19 +59,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `ftpEnabled` Property to enable and disable FTP on ASEV3. + - Required: No - Type: bool - Default: `False` -### Parameter: `hostingEnvironmentName` - -The name of the parent Hosting Environment. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `inboundIpAddressOverride` Customer provided Inbound IP Address. Only able to be set on Ase create. + - Required: No - Type: string - Default: `''` @@ -70,6 +75,7 @@ Customer provided Inbound IP Address. Only able to be set on Ase create. ### Parameter: `remoteDebugEnabled` Property to enable and disable Remote Debug on ASEv3. + - Required: No - Type: bool - Default: `False` diff --git a/modules/web/serverfarm/README.md b/modules/web/serverfarm/README.md index 79c2341050..fb2b37a291 100644 --- a/modules/web/serverfarm/README.md +++ b/modules/web/serverfarm/README.md @@ -332,9 +332,32 @@ module serverfarm 'br:bicep/modules/web.serverfarm:1.0.0' = { | [`workerTierName`](#parameter-workertiername) | string | Target worker tier assigned to the App Service plan. | | [`zoneRedundant`](#parameter-zoneredundant) | bool | When true, this App Service Plan will perform availability zone balancing. | +### Parameter: `name` + +The name of the app service plan to deploy. + +- Required: Yes +- Type: string + +### Parameter: `sku` + +Defines the name, tier, size, family and capacity of the App Service Plan. + +- Required: Yes +- Type: object + +### Parameter: `reserved` + +Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true. + +- Required: No +- Type: bool +- Default: `False` + ### Parameter: `appServiceEnvironmentId` The Resource ID of the App Service Environment to use for the App Service Plan. + - Required: No - Type: string - Default: `''` @@ -342,86 +365,82 @@ The Resource ID of the App Service Environment to use for the App Service Plan. ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -429,6 +448,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -436,6 +456,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -443,26 +464,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -470,26 +500,15 @@ Optional. Specify the name of lock. ### Parameter: `maximumElasticWorkerCount` Maximum number of total workers allowed for this ElasticScaleEnabled App Service Plan. + - Required: No - Type: int - Default: `1` -### Parameter: `name` - -The name of the app service plan to deploy. -- Required: Yes -- Type: string - ### Parameter: `perSiteScaling` If true, apps assigned to this App Service plan can be scaled independently. If false, apps assigned to this App Service plan will scale to all instances of the plan. -- Required: No -- Type: bool -- Default: `False` - -### Parameter: `reserved` -Defaults to false when creating Windows/app App Service Plan. Required if creating a Linux App Service Plan and must be set to true. - Required: No - Type: bool - Default: `False` @@ -497,86 +516,103 @@ Defaults to false when creating Windows/app App Service Plan. Required if creati ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string - -### Parameter: `sku` - -Defines the name, tier, size, family and capacity of the App Service Plan. -- Required: Yes -- Type: object +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `targetWorkerCount` Scaling worker count. + - Required: No - Type: int - Default: `0` @@ -584,6 +620,7 @@ Scaling worker count. ### Parameter: `targetWorkerSize` The instance size of the hosting plan (small, medium, or large). + - Required: No - Type: int - Default: `0` @@ -599,6 +636,7 @@ The instance size of the hosting plan (small, medium, or large). ### Parameter: `workerTierName` Target worker tier assigned to the App Service plan. + - Required: No - Type: string - Default: `''` @@ -606,6 +644,7 @@ Target worker tier assigned to the App Service plan. ### Parameter: `zoneRedundant` When true, this App Service Plan will perform availability zone balancing. + - Required: No - Type: bool - Default: `False` diff --git a/modules/web/site/README.md b/modules/web/site/README.md index f5c22619c5..e1542f55c6 100644 --- a/modules/web/site/README.md +++ b/modules/web/site/README.md @@ -977,9 +977,41 @@ module site 'br:bicep/modules/web.site:1.0.0' = { | [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | | [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | +### Parameter: `kind` + +Type of site to deploy. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` + +### Parameter: `name` + +Name of the site. + +- Required: Yes +- Type: string + +### Parameter: `serverFarmResourceId` + +The resource ID of the app service plan to use for the site. + +- Required: Yes +- Type: string + ### Parameter: `appInsightResourceId` Resource ID of the app insight to leverage for this resource. + - Required: No - Type: string - Default: `''` @@ -987,6 +1019,7 @@ Resource ID of the app insight to leverage for this resource. ### Parameter: `appServiceEnvironmentResourceId` The resource ID of the app service environment to use for this resource. + - Required: No - Type: string - Default: `''` @@ -994,6 +1027,7 @@ The resource ID of the app service environment to use for this resource. ### Parameter: `appSettingsKeyValuePairs` The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. + - Required: No - Type: object - Default: `{}` @@ -1001,6 +1035,7 @@ The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboa ### Parameter: `authSettingV2Configuration` The auth settings V2 configuration. + - Required: No - Type: object - Default: `{}` @@ -1008,6 +1043,7 @@ The auth settings V2 configuration. ### Parameter: `basicPublishingCredentialsPolicies` The site publishing credential policy names which are associated with the sites. + - Required: No - Type: array - Default: `[]` @@ -1015,6 +1051,7 @@ The site publishing credential policy names which are associated with the sites. ### Parameter: `clientAffinityEnabled` If client affinity is enabled. + - Required: No - Type: bool - Default: `True` @@ -1022,6 +1059,7 @@ If client affinity is enabled. ### Parameter: `clientCertEnabled` To enable client certificate authentication (TLS mutual authentication). + - Required: No - Type: bool - Default: `False` @@ -1029,6 +1067,7 @@ To enable client certificate authentication (TLS mutual authentication). ### Parameter: `clientCertExclusionPaths` Client certificate authentication comma-separated exclusion paths. + - Required: No - Type: string - Default: `''` @@ -1036,6 +1075,7 @@ Client certificate authentication comma-separated exclusion paths. ### Parameter: `clientCertMode` This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. + - Required: No - Type: string - Default: `'Optional'` @@ -1051,6 +1091,7 @@ This composes with ClientCertEnabled setting.

- ClientCertEnabled: false mean ### Parameter: `cloningInfo` If specified during app creation, the app is cloned from a source app. + - Required: No - Type: object - Default: `{}` @@ -1058,6 +1099,7 @@ If specified during app creation, the app is cloned from a source app. ### Parameter: `containerSize` Size of the function container. + - Required: No - Type: int - Default: `-1` @@ -1065,6 +1107,7 @@ Size of the function container. ### Parameter: `customDomainVerificationId` Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. + - Required: No - Type: string - Default: `''` @@ -1072,6 +1115,7 @@ Unique identifier that verifies the custom domains assigned to the app. Customer ### Parameter: `dailyMemoryTimeQuota` Maximum allowed daily memory-time quota (applicable on dynamic apps only). + - Required: No - Type: int - Default: `-1` @@ -1079,114 +1123,90 @@ Maximum allowed daily memory-time quota (applicable on dynamic apps only). ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -1194,6 +1214,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enabled` Setting this value to false disables the app (takes the app offline). + - Required: No - Type: bool - Default: `True` @@ -1201,6 +1222,7 @@ Setting this value to false disables the app (takes the app offline). ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -1208,6 +1230,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `hostNameSslStates` Hostname SSL states are used to manage the SSL bindings for app's hostnames. + - Required: No - Type: array - Default: `[]` @@ -1215,6 +1238,7 @@ Hostname SSL states are used to manage the SSL bindings for app's hostnames. ### Parameter: `httpsOnly` Configures a site to accept only HTTPS requests. Issues redirect for HTTP requests. + - Required: No - Type: bool - Default: `True` @@ -1222,6 +1246,7 @@ Configures a site to accept only HTTPS requests. Issues redirect for HTTP reques ### Parameter: `hybridConnectionRelays` Names of hybrid connection relays to connect app with. + - Required: No - Type: array - Default: `[]` @@ -1229,6 +1254,7 @@ Names of hybrid connection relays to connect app with. ### Parameter: `hyperV` Hyper-V sandbox. + - Required: No - Type: bool - Default: `False` @@ -1236,29 +1262,15 @@ Hyper-V sandbox. ### Parameter: `keyVaultAccessIdentityResourceId` The resource ID of the assigned identity to be used to access a key vault with. + - Required: No - Type: string - Default: `''` -### Parameter: `kind` - -Type of site to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -1266,26 +1278,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -1293,229 +1314,275 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the site. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +### Parameter: `privateEndpoints.lock.kind` -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +Specify the type of lock. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` -Optional. The name of the private endpoint. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -1523,6 +1590,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Whether or not public network access is allowed for this resource. For security reasons it should be disabled. If not specified, it will be disabled by default if private endpoints are set. + - Required: No - Type: string - Default: `''` @@ -1538,6 +1606,7 @@ Whether or not public network access is allowed for this resource. For security ### Parameter: `redundancyMode` Site redundancy mode. + - Required: No - Type: string - Default: `'None'` @@ -1555,87 +1624,104 @@ Site redundancy mode. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `scmSiteAlsoStopped` Stop SCM (KUDU) site when the app is stopped. + - Required: No - Type: bool - Default: `False` -### Parameter: `serverFarmResourceId` - -The resource ID of the app service plan to use for the site. -- Required: Yes -- Type: string - ### Parameter: `setAzureWebJobsDashboard` For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. + - Required: No - Type: bool - Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` @@ -1643,6 +1729,7 @@ For function apps. If true the app settings "AzureWebJobsDashboard" will be set. ### Parameter: `siteConfig` The site config object. + - Required: No - Type: object - Default: `{}` @@ -1650,6 +1737,7 @@ The site config object. ### Parameter: `slots` Configuration for deployment slots for an app. + - Required: No - Type: array - Default: `[]` @@ -1657,6 +1745,7 @@ Configuration for deployment slots for an app. ### Parameter: `storageAccountRequired` Checks if Customer provided storage account is required. + - Required: No - Type: bool - Default: `False` @@ -1664,6 +1753,7 @@ Checks if Customer provided storage account is required. ### Parameter: `storageAccountResourceId` Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. + - Required: No - Type: string - Default: `''` @@ -1671,12 +1761,14 @@ Required if app of kind functionapp. Resource ID of the storage account to manag ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `virtualNetworkSubnetId` Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. + - Required: No - Type: string - Default: `''` @@ -1684,6 +1776,7 @@ Azure Resource Manager ID of the Virtual network and subnet to be joined by Regi ### Parameter: `vnetContentShareEnabled` To enable accessing content over virtual network. + - Required: No - Type: bool - Default: `False` @@ -1691,6 +1784,7 @@ To enable accessing content over virtual network. ### Parameter: `vnetImagePullEnabled` To enable pulling image over Virtual Network. + - Required: No - Type: bool - Default: `False` @@ -1698,6 +1792,7 @@ To enable pulling image over Virtual Network. ### Parameter: `vnetRouteAllEnabled` Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. + - Required: No - Type: bool - Default: `False` diff --git a/modules/web/site/basic-publishing-credentials-policy/README.md b/modules/web/site/basic-publishing-credentials-policy/README.md index a442531e1e..518f921374 100644 --- a/modules/web/site/basic-publishing-credentials-policy/README.md +++ b/modules/web/site/basic-publishing-credentials-policy/README.md @@ -37,9 +37,31 @@ This module deploys a Web Site Basic Publishing Credentials Policy. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | +### Parameter: `name` + +The name of the resource. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'ftp' + 'scm' + ] + ``` + +### Parameter: `webAppName` + +The name of the parent web site. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `allow` Set to true to enable or false to disable a publishing method. + - Required: No - Type: bool - Default: `True` @@ -47,6 +69,7 @@ Set to true to enable or false to disable a publishing method. ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -54,29 +77,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the resource. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'ftp' - 'scm' - ] - ``` - -### Parameter: `webAppName` - -The name of the parent web site. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/web/site/config--appsettings/README.md b/modules/web/site/config--appsettings/README.md index 3b93bb02ce..bf1c6c2401 100644 --- a/modules/web/site/config--appsettings/README.md +++ b/modules/web/site/config--appsettings/README.md @@ -40,22 +40,42 @@ This module deploys a Site App Setting. | [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | | [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | -### Parameter: `appInsightResourceId` +### Parameter: `kind` -Resource ID of the app insight to leverage for this resource. -- Required: No +Type of site to deploy. + +- Required: Yes - Type: string -- Default: `''` +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` ### Parameter: `appName` The name of the parent site resource. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `appSettingsKeyValuePairs` The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. + - Required: No - Type: object - Default: `{}` @@ -63,29 +83,15 @@ The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDas ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `kind` - -Type of site to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - ### Parameter: `setAzureWebJobsDashboard` For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. + - Required: No - Type: bool - Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` @@ -93,6 +99,7 @@ For function apps. If true the app settings "AzureWebJobsDashboard" will be set. ### Parameter: `storageAccountResourceId` Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. + - Required: No - Type: string - Default: `''` diff --git a/modules/web/site/config--authsettingsv2/README.md b/modules/web/site/config--authsettingsv2/README.md index da797e6048..36f7ea8c2a 100644 --- a/modules/web/site/config--authsettingsv2/README.md +++ b/modules/web/site/config--authsettingsv2/README.md @@ -36,28 +36,17 @@ This module deploys a Site Auth Settings V2 Configuration. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | -### Parameter: `appName` - -The name of the parent site resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `authSettingV2Configuration` The auth settings V2 configuration. + - Required: Yes - Type: object -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `kind` Type of site to deploy. + - Required: Yes - Type: string - Allowed: @@ -71,6 +60,21 @@ Type of site to deploy. ] ``` +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/web/site/hybrid-connection-namespace/relay/README.md b/modules/web/site/hybrid-connection-namespace/relay/README.md index 20be37abae..920762c984 100644 --- a/modules/web/site/hybrid-connection-namespace/relay/README.md +++ b/modules/web/site/hybrid-connection-namespace/relay/README.md @@ -37,28 +37,32 @@ This module deploys a Site Hybrid Connection Namespace Relay. | [`location`](#parameter-location) | string | Location for all Resources. | | [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | +### Parameter: `hybridConnectionResourceId` + +The resource ID of the relay namespace hybrid connection. + +- Required: Yes +- Type: string + ### Parameter: `appName` The name of the parent web site. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `hybridConnectionResourceId` - -The resource ID of the relay namespace hybrid connection. -- Required: Yes -- Type: string - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -66,6 +70,7 @@ Location for all Resources. ### Parameter: `sendKeyName` Name of the authorization rule send key to use. + - Required: No - Type: string - Default: `'defaultSender'` diff --git a/modules/web/site/slot/README.md b/modules/web/site/slot/README.md index ea3d48350f..f0b32f3fbf 100644 --- a/modules/web/site/slot/README.md +++ b/modules/web/site/slot/README.md @@ -82,22 +82,49 @@ This module deploys a Web or Function App Deployment Slot. | [`vnetImagePullEnabled`](#parameter-vnetimagepullenabled) | bool | To enable pulling image over Virtual Network. | | [`vnetRouteAllEnabled`](#parameter-vnetrouteallenabled) | bool | Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. | -### Parameter: `appInsightResourceId` +### Parameter: `kind` -Resource ID of the app insight to leverage for this resource. -- Required: No +Type of slot to deploy. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` + +### Parameter: `name` + +Name of the slot. + +- Required: Yes - Type: string -- Default: `''` ### Parameter: `appName` The name of the parent site resource. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `appServiceEnvironmentResourceId` The resource ID of the app service environment to use for this resource. + - Required: No - Type: string - Default: `''` @@ -105,6 +132,7 @@ The resource ID of the app service environment to use for this resource. ### Parameter: `appSettingsKeyValuePairs` The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. + - Required: No - Type: object - Default: `{}` @@ -112,6 +140,7 @@ The app settings-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboa ### Parameter: `authSettingV2Configuration` The auth settings V2 configuration. + - Required: No - Type: object - Default: `{}` @@ -119,6 +148,7 @@ The auth settings V2 configuration. ### Parameter: `basicPublishingCredentialsPolicies` The site publishing credential policy names which are associated with the site slot. + - Required: No - Type: array - Default: `[]` @@ -126,6 +156,7 @@ The site publishing credential policy names which are associated with the site s ### Parameter: `clientAffinityEnabled` If client affinity is enabled. + - Required: No - Type: bool - Default: `True` @@ -133,6 +164,7 @@ If client affinity is enabled. ### Parameter: `clientCertEnabled` To enable client certificate authentication (TLS mutual authentication). + - Required: No - Type: bool - Default: `False` @@ -140,6 +172,7 @@ To enable client certificate authentication (TLS mutual authentication). ### Parameter: `clientCertExclusionPaths` Client certificate authentication comma-separated exclusion paths. + - Required: No - Type: string - Default: `''` @@ -147,6 +180,7 @@ Client certificate authentication comma-separated exclusion paths. ### Parameter: `clientCertMode` This composes with ClientCertEnabled setting.

- ClientCertEnabled: false means ClientCert is ignored.

- ClientCertEnabled: true and ClientCertMode: Required means ClientCert is required.

- ClientCertEnabled: true and ClientCertMode: Optional means ClientCert is optional or accepted. + - Required: No - Type: string - Default: `'Optional'` @@ -162,6 +196,7 @@ This composes with ClientCertEnabled setting.

- ClientCertEnabled: false mean ### Parameter: `cloningInfo` If specified during app creation, the app is cloned from a source app. + - Required: No - Type: object - Default: `{}` @@ -169,6 +204,7 @@ If specified during app creation, the app is cloned from a source app. ### Parameter: `containerSize` Size of the function container. + - Required: No - Type: int - Default: `-1` @@ -176,6 +212,7 @@ Size of the function container. ### Parameter: `customDomainVerificationId` Unique identifier that verifies the custom domains assigned to the app. Customer will add this ID to a txt record for verification. + - Required: No - Type: string - Default: `''` @@ -183,6 +220,7 @@ Unique identifier that verifies the custom domains assigned to the app. Customer ### Parameter: `dailyMemoryTimeQuota` Maximum allowed daily memory-time quota (applicable on dynamic apps only). + - Required: No - Type: int - Default: `-1` @@ -190,114 +228,90 @@ Maximum allowed daily memory-time quota (applicable on dynamic apps only). ### Parameter: `diagnosticSettings` The diagnostic settings of the service. + - Required: No - Type: array +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | No | string | Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | No | string | Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | No | string | Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | -| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | No | string | Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | -| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | No | array | Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | -| [`name`](#parameter-diagnosticsettingsname) | No | string | Optional. The name of diagnostic setting. | -| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | No | string | Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | -| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | No | string | Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`eventHubAuthorizationRuleResourceId`](#parameter-diagnosticsettingseventhubauthorizationruleresourceid) | string | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | +| [`eventHubName`](#parameter-diagnosticsettingseventhubname) | string | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`logAnalyticsDestinationType`](#parameter-diagnosticsettingsloganalyticsdestinationtype) | string | A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. | +| [`logCategoriesAndGroups`](#parameter-diagnosticsettingslogcategoriesandgroups) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`marketplacePartnerResourceId`](#parameter-diagnosticsettingsmarketplacepartnerresourceid) | string | The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. | +| [`metricCategories`](#parameter-diagnosticsettingsmetriccategories) | array | The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. | +| [`name`](#parameter-diagnosticsettingsname) | string | The name of diagnostic setting. | +| [`storageAccountResourceId`](#parameter-diagnosticsettingsstorageaccountresourceid) | string | Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | +| [`workspaceResourceId`](#parameter-diagnosticsettingsworkspaceresourceid) | string | Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. | ### Parameter: `diagnosticSettings.eventHubAuthorizationRuleResourceId` -Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. +Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. - Required: No - Type: string ### Parameter: `diagnosticSettings.eventHubName` -Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.logAnalyticsDestinationType` -Optional. A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. +A string indicating whether the export to Log Analytics should use the default destination type, i.e. AzureDiagnostics, or use a destination type. - Required: No - Type: string -- Allowed: `[AzureDiagnostics, Dedicated]` +- Allowed: + ```Bicep + [ + 'AzureDiagnostics' + 'Dedicated' + ] + ``` ### Parameter: `diagnosticSettings.logCategoriesAndGroups` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingslogcategoriesandgroupscategory) | No | string | Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. | -| [`categoryGroup`](#parameter-diagnosticsettingslogcategoriesandgroupscategorygroup) | No | string | Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. | - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.category` - -Optional. Name of a Diagnostic Log category for a resource type this setting is applied to. Set the specific logs to collect here. - -- Required: No -- Type: string - -### Parameter: `diagnosticSettings.logCategoriesAndGroups.categoryGroup` - -Optional. Name of a Diagnostic Log category group for a resource type this setting is applied to. Set to 'AllLogs' to collect all logs. - -- Required: No -- Type: string - - ### Parameter: `diagnosticSettings.marketplacePartnerResourceId` -Optional. The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. +The full ARM resource ID of the Marketplace resource to which you would like to send Diagnostic Logs. - Required: No - Type: string ### Parameter: `diagnosticSettings.metricCategories` -Optional. The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. +The name of logs that will be streamed. "allLogs" includes all possible logs for the resource. Set to '' to disable log collection. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`category`](#parameter-diagnosticsettingsmetriccategoriescategory) | Yes | string | Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. | - -### Parameter: `diagnosticSettings.metricCategories.category` - -Required. Name of a Diagnostic Metric category for a resource type this setting is applied to. Set to 'AllMetrics' to collect all metrics. - -- Required: Yes -- Type: string - - ### Parameter: `diagnosticSettings.name` -Optional. The name of diagnostic setting. +The name of diagnostic setting. - Required: No - Type: string ### Parameter: `diagnosticSettings.storageAccountResourceId` -Optional. Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic storage account. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string ### Parameter: `diagnosticSettings.workspaceResourceId` -Optional. Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. +Resource ID of the diagnostic log analytics workspace. For security reasons, it is recommended to set diagnostic settings to send data to either storage account, log analytics workspace or event hub. - Required: No - Type: string @@ -305,6 +319,7 @@ Optional. Resource ID of the diagnostic log analytics workspace. For security re ### Parameter: `enabled` Setting this value to false disables the app (takes the app offline). + - Required: No - Type: bool - Default: `True` @@ -312,6 +327,7 @@ Setting this value to false disables the app (takes the app offline). ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` @@ -319,6 +335,7 @@ Enable telemetry via the Customer Usage Attribution ID (GUID). ### Parameter: `hostNameSslStates` Hostname SSL states are used to manage the SSL bindings for app's hostnames. + - Required: No - Type: array - Default: `[]` @@ -326,6 +343,7 @@ Hostname SSL states are used to manage the SSL bindings for app's hostnames. ### Parameter: `httpsOnly` Configures a slot to accept only HTTPS requests. Issues redirect for HTTP requests. + - Required: No - Type: bool - Default: `True` @@ -333,6 +351,7 @@ Configures a slot to accept only HTTPS requests. Issues redirect for HTTP reques ### Parameter: `hybridConnectionRelays` Names of hybrid connection relays to connect app with. + - Required: No - Type: array - Default: `[]` @@ -340,6 +359,7 @@ Names of hybrid connection relays to connect app with. ### Parameter: `hyperV` Hyper-V sandbox. + - Required: No - Type: bool - Default: `False` @@ -347,29 +367,15 @@ Hyper-V sandbox. ### Parameter: `keyVaultAccessIdentityResourceId` The resource ID of the assigned identity to be used to access a key vault with. + - Required: No - Type: string - Default: `''` -### Parameter: `kind` - -Type of slot to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -377,26 +383,35 @@ Location for all Resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -404,229 +419,275 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the slot. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array + +### Parameter: `privateEndpoints.name` +The name of the private endpoint. +- Required: No +- Type: string -### Parameter: `privateEndpoints.location` +### Parameter: `privateEndpoints.privateDnsZoneGroupName` -Optional. The location to deploy the private endpoint to. +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -Optional. The name of the private endpoint. +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -634,6 +695,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `publicNetworkAccess` Allow or block all public traffic. + - Required: No - Type: string - Default: `''` @@ -649,6 +711,7 @@ Allow or block all public traffic. ### Parameter: `redundancyMode` Site redundancy mode. + - Required: No - Type: string - Default: `'None'` @@ -666,74 +729,96 @@ Site redundancy mode. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `serverFarmResourceId` The resource ID of the app service plan to use for the slot. + - Required: No - Type: string - Default: `''` @@ -741,6 +826,7 @@ The resource ID of the app service plan to use for the slot. ### Parameter: `setAzureWebJobsDashboard` For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. + - Required: No - Type: bool - Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` @@ -748,6 +834,7 @@ For function apps. If true the app settings "AzureWebJobsDashboard" will be set. ### Parameter: `siteConfig` The site config object. + - Required: No - Type: object - Default: `{}` @@ -755,6 +842,7 @@ The site config object. ### Parameter: `storageAccountRequired` Checks if Customer provided storage account is required. + - Required: No - Type: bool - Default: `False` @@ -762,6 +850,7 @@ Checks if Customer provided storage account is required. ### Parameter: `storageAccountResourceId` Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. + - Required: No - Type: string - Default: `''` @@ -769,12 +858,14 @@ Required if app of kind functionapp. Resource ID of the storage account to manag ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `virtualNetworkSubnetId` Azure Resource Manager ID of the Virtual network and subnet to be joined by Regional VNET Integration. This must be of the form /subscriptions/{subscriptionName}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/virtualNetworks/{vnetName}/subnets/{subnetName}. + - Required: No - Type: string - Default: `''` @@ -782,6 +873,7 @@ Azure Resource Manager ID of the Virtual network and subnet to be joined by Regi ### Parameter: `vnetContentShareEnabled` To enable accessing content over virtual network. + - Required: No - Type: bool - Default: `False` @@ -789,6 +881,7 @@ To enable accessing content over virtual network. ### Parameter: `vnetImagePullEnabled` To enable pulling image over Virtual Network. + - Required: No - Type: bool - Default: `False` @@ -796,6 +889,7 @@ To enable pulling image over Virtual Network. ### Parameter: `vnetRouteAllEnabled` Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied. + - Required: No - Type: bool - Default: `False` diff --git a/modules/web/site/slot/basic-publishing-credentials-policy/README.md b/modules/web/site/slot/basic-publishing-credentials-policy/README.md index 47e7844cd8..832ba049c9 100644 --- a/modules/web/site/slot/basic-publishing-credentials-policy/README.md +++ b/modules/web/site/slot/basic-publishing-credentials-policy/README.md @@ -38,22 +38,46 @@ This module deploys a Web Site Slot Basic Publishing Credentials Policy. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all Resources. | -### Parameter: `allow` +### Parameter: `name` -Set to true to enable or false to disable a publishing method. -- Required: No -- Type: bool -- Default: `True` +The name of the resource. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'ftp' + 'scm' + ] + ``` ### Parameter: `appName` The name of the parent web site. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `slotName` + +The name of the parent web site slot. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `allow` + +Set to true to enable or false to disable a publishing method. + +- Required: No +- Type: bool +- Default: `True` + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -61,29 +85,11 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The name of the resource. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'ftp' - 'scm' - ] - ``` - -### Parameter: `slotName` - -The name of the parent web site slot. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/web/site/slot/config--appsettings/README.md b/modules/web/site/slot/config--appsettings/README.md index ffdebce0c4..23a65a557e 100644 --- a/modules/web/site/slot/config--appsettings/README.md +++ b/modules/web/site/slot/config--appsettings/README.md @@ -41,22 +41,49 @@ This module deploys a Site Slot App Setting. | [`setAzureWebJobsDashboard`](#parameter-setazurewebjobsdashboard) | bool | For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. | | [`storageAccountResourceId`](#parameter-storageaccountresourceid) | string | Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. | -### Parameter: `appInsightResourceId` +### Parameter: `kind` -Resource ID of the app insight to leverage for this resource. -- Required: No +Type of slot to deploy. + +- Required: Yes +- Type: string +- Allowed: + ```Bicep + [ + 'app' + 'functionapp' + 'functionapplinux' + 'functionappworkflowapp' + 'functionappworkflowapplinux' + ] + ``` + +### Parameter: `slotName` + +Slot name to be configured. + +- Required: Yes - Type: string -- Default: `''` ### Parameter: `appName` The name of the parent site resource. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `appInsightResourceId` + +Resource ID of the app insight to leverage for this resource. + +- Required: No +- Type: string +- Default: `''` + ### Parameter: `appSettingsKeyValuePairs` The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDashboard, APPINSIGHTS_INSTRUMENTATIONKEY and APPLICATIONINSIGHTS_CONNECTION_STRING. + - Required: No - Type: object - Default: `{}` @@ -64,42 +91,23 @@ The app settings key-value pairs except for AzureWebJobsStorage, AzureWebJobsDas ### Parameter: `enableDefaultTelemetry` Enable telemetry via the Customer Usage Attribution ID (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `kind` - -Type of slot to deploy. -- Required: Yes -- Type: string -- Allowed: - ```Bicep - [ - 'app' - 'functionapp' - 'functionapplinux' - 'functionappworkflowapp' - 'functionappworkflowapplinux' - ] - ``` - ### Parameter: `setAzureWebJobsDashboard` For function apps. If true the app settings "AzureWebJobsDashboard" will be set. If false not. In case you use Application Insights it can make sense to not set it for performance reasons. + - Required: No - Type: bool - Default: `[if(contains(parameters('kind'), 'functionapp'), true(), false())]` -### Parameter: `slotName` - -Slot name to be configured. -- Required: Yes -- Type: string - ### Parameter: `storageAccountResourceId` Required if app of kind functionapp. Resource ID of the storage account to manage triggers and logging function executions. + - Required: No - Type: string - Default: `''` diff --git a/modules/web/site/slot/config--authsettingsv2/README.md b/modules/web/site/slot/config--authsettingsv2/README.md index 2d99aeaef9..4bb4311a05 100644 --- a/modules/web/site/slot/config--authsettingsv2/README.md +++ b/modules/web/site/slot/config--authsettingsv2/README.md @@ -37,28 +37,17 @@ This module deploys a Site Auth Settings V2 Configuration. | :-- | :-- | :-- | | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via the Customer Usage Attribution ID (GUID). | -### Parameter: `appName` - -The name of the parent site resource. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `authSettingV2Configuration` The auth settings V2 configuration. + - Required: Yes - Type: object -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via the Customer Usage Attribution ID (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `kind` Type of slot to deploy. + - Required: Yes - Type: string - Allowed: @@ -75,9 +64,25 @@ Type of slot to deploy. ### Parameter: `slotName` Slot name to be configured. + - Required: Yes - Type: string +### Parameter: `appName` + +The name of the parent site resource. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via the Customer Usage Attribution ID (GUID). + +- Required: No +- Type: bool +- Default: `True` + ## Outputs diff --git a/modules/web/site/slot/hybrid-connection-namespace/relay/README.md b/modules/web/site/slot/hybrid-connection-namespace/relay/README.md index 33b731809b..7c1752c839 100644 --- a/modules/web/site/slot/hybrid-connection-namespace/relay/README.md +++ b/modules/web/site/slot/hybrid-connection-namespace/relay/README.md @@ -38,28 +38,39 @@ This module deploys a Site Slot Hybrid Connection Namespace Relay. | [`location`](#parameter-location) | string | Location for all Resources. | | [`sendKeyName`](#parameter-sendkeyname) | string | Name of the authorization rule send key to use. | +### Parameter: `hybridConnectionResourceId` + +The resource ID of the relay namespace hybrid connection. + +- Required: Yes +- Type: string + ### Parameter: `appName` The name of the parent web site. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + +### Parameter: `slotName` + +The name of the site slot. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` -### Parameter: `hybridConnectionResourceId` - -The resource ID of the relay namespace hybrid connection. -- Required: Yes -- Type: string - ### Parameter: `location` Location for all Resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -67,16 +78,11 @@ Location for all Resources. ### Parameter: `sendKeyName` Name of the authorization rule send key to use. + - Required: No - Type: string - Default: `'defaultSender'` -### Parameter: `slotName` - -The name of the site slot. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/modules/web/static-site/README.md b/modules/web/static-site/README.md index c4dbc50149..8f561002f1 100644 --- a/modules/web/static-site/README.md +++ b/modules/web/static-site/README.md @@ -466,9 +466,17 @@ module staticSite 'br:bicep/modules/web.static-site:1.0.0' = { | [`tags`](#parameter-tags) | object | Tags of the resource. | | [`templateProperties`](#parameter-templateproperties) | object | Template Options for the static site. | +### Parameter: `name` + +Name of the static site. + +- Required: Yes +- Type: string + ### Parameter: `allowConfigFileUpdates` False if config file is locked for this static web app; otherwise, true. + - Required: No - Type: bool - Default: `True` @@ -476,6 +484,7 @@ False if config file is locked for this static web app; otherwise, true. ### Parameter: `appSettings` Static site app settings. + - Required: No - Type: object - Default: `{}` @@ -483,6 +492,7 @@ Static site app settings. ### Parameter: `branch` The branch name of the GitHub repository. + - Required: No - Type: string - Default: `''` @@ -490,6 +500,7 @@ The branch name of the GitHub repository. ### Parameter: `buildProperties` Build properties for the static site. + - Required: No - Type: object - Default: `{}` @@ -497,6 +508,7 @@ Build properties for the static site. ### Parameter: `customDomains` The custom domains associated with this static site. The deployment will fail as long as the validation records are not present. + - Required: No - Type: array - Default: `[]` @@ -504,6 +516,7 @@ The custom domains associated with this static site. The deployment will fail as ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -511,6 +524,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `enterpriseGradeCdnStatus` State indicating the status of the enterprise grade CDN serving traffic to the static web app. + - Required: No - Type: string - Default: `'Disabled'` @@ -527,6 +541,7 @@ State indicating the status of the enterprise grade CDN serving traffic to the s ### Parameter: `functionAppSettings` Function app settings. + - Required: No - Type: object - Default: `{}` @@ -534,6 +549,7 @@ Function app settings. ### Parameter: `linkedBackend` Object with "resourceId" and "location" of the a user defined function app. + - Required: No - Type: object - Default: `{}` @@ -541,6 +557,7 @@ Object with "resourceId" and "location" of the a user defined function app. ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -548,26 +565,35 @@ Location for all resources. ### Parameter: `lock` The lock settings of the service. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`kind`](#parameter-lockkind) | No | string | Optional. Specify the type of lock. | -| [`name`](#parameter-lockname) | No | string | Optional. Specify the name of lock. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-lockkind) | string | Specify the type of lock. | +| [`name`](#parameter-lockname) | string | Specify the name of lock. | ### Parameter: `lock.kind` -Optional. Specify the type of lock. +Specify the type of lock. - Required: No - Type: string -- Allowed: `[CanNotDelete, None, ReadOnly]` +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` ### Parameter: `lock.name` -Optional. Specify the name of lock. +Specify the name of lock. - Required: No - Type: string @@ -575,229 +601,275 @@ Optional. Specify the name of lock. ### Parameter: `managedIdentities` The managed identity definition for this resource. + - Required: No - Type: object +**Optional parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | No | bool | Optional. Enables system assigned managed identity on the resource. | -| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | No | array | Optional. The resource ID(s) to assign to the resource. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`systemAssigned`](#parameter-managedidentitiessystemassigned) | bool | Enables system assigned managed identity on the resource. | +| [`userAssignedResourceIds`](#parameter-managedidentitiesuserassignedresourceids) | array | The resource ID(s) to assign to the resource. | ### Parameter: `managedIdentities.systemAssigned` -Optional. Enables system assigned managed identity on the resource. +Enables system assigned managed identity on the resource. - Required: No - Type: bool ### Parameter: `managedIdentities.userAssignedResourceIds` -Optional. The resource ID(s) to assign to the resource. +The resource ID(s) to assign to the resource. - Required: No - Type: array -### Parameter: `name` - -Name of the static site. -- Required: Yes -- Type: string - ### Parameter: `privateEndpoints` Configuration details for private endpoints. For security reasons, it is recommended to use private endpoints whenever possible. Note, requires the 'sku' to be 'Standard'. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | No | array | Optional. Application security groups in which the private endpoint IP configuration is included. | -| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | No | array | Optional. Custom DNS configurations. | -| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | No | string | Optional. The custom name of the network interface attached to the private endpoint. | -| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | No | bool | Optional. Enable/Disable usage telemetry for module. | -| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | No | array | Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | -| [`location`](#parameter-privateendpointslocation) | No | string | Optional. The location to deploy the private endpoint to. | -| [`lock`](#parameter-privateendpointslock) | No | object | Optional. Specify the type of lock. | -| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | No | array | Optional. Manual PrivateLink Service Connections. | -| [`name`](#parameter-privateendpointsname) | No | string | Optional. The name of the private endpoint. | -| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | No | string | Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | -| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | No | array | Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | -| [`roleAssignments`](#parameter-privateendpointsroleassignments) | No | array | Optional. Array of role assignments to create. | -| [`service`](#parameter-privateendpointsservice) | No | string | Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | -| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | Yes | string | Required. Resource ID of the subnet where the endpoint needs to be created. | -| [`tags`](#parameter-privateendpointstags) | No | object | Optional. Tags to be applied on all resources/resource groups in this deployment. | - -### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` - -Optional. Application security groups in which the private endpoint IP configuration is included. +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`subnetResourceId`](#parameter-privateendpointssubnetresourceid) | string | Resource ID of the subnet where the endpoint needs to be created. | -- Required: No -- Type: array +**Optional parameters** -### Parameter: `privateEndpoints.customDnsConfigs` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`applicationSecurityGroupResourceIds`](#parameter-privateendpointsapplicationsecuritygroupresourceids) | array | Application security groups in which the private endpoint IP configuration is included. | +| [`customDnsConfigs`](#parameter-privateendpointscustomdnsconfigs) | array | Custom DNS configurations. | +| [`customNetworkInterfaceName`](#parameter-privateendpointscustomnetworkinterfacename) | string | The custom name of the network interface attached to the private endpoint. | +| [`enableTelemetry`](#parameter-privateendpointsenabletelemetry) | bool | Enable/Disable usage telemetry for module. | +| [`ipConfigurations`](#parameter-privateendpointsipconfigurations) | array | A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. | +| [`location`](#parameter-privateendpointslocation) | string | The location to deploy the private endpoint to. | +| [`lock`](#parameter-privateendpointslock) | object | Specify the type of lock. | +| [`manualPrivateLinkServiceConnections`](#parameter-privateendpointsmanualprivatelinkserviceconnections) | array | Manual PrivateLink Service Connections. | +| [`name`](#parameter-privateendpointsname) | string | The name of the private endpoint. | +| [`privateDnsZoneGroupName`](#parameter-privateendpointsprivatednszonegroupname) | string | The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. | +| [`privateDnsZoneResourceIds`](#parameter-privateendpointsprivatednszoneresourceids) | array | The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. | +| [`roleAssignments`](#parameter-privateendpointsroleassignments) | array | Array of role assignments to create. | +| [`service`](#parameter-privateendpointsservice) | string | The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". | +| [`tags`](#parameter-privateendpointstags) | object | Tags to be applied on all resources/resource groups in this deployment. | -Optional. Custom DNS configurations. +### Parameter: `privateEndpoints.subnetResourceId` -- Required: No -- Type: array +Resource ID of the subnet where the endpoint needs to be created. -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`fqdn`](#parameter-privateendpointscustomdnsconfigsfqdn) | No | string | Required. Fqdn that resolves to private endpoint ip address. | -| [`ipAddresses`](#parameter-privateendpointscustomdnsconfigsipaddresses) | Yes | array | Required. A list of private ip addresses of the private endpoint. | +- Required: Yes +- Type: string -### Parameter: `privateEndpoints.customDnsConfigs.fqdn` +### Parameter: `privateEndpoints.applicationSecurityGroupResourceIds` -Required. Fqdn that resolves to private endpoint ip address. +Application security groups in which the private endpoint IP configuration is included. - Required: No -- Type: string +- Type: array -### Parameter: `privateEndpoints.customDnsConfigs.ipAddresses` +### Parameter: `privateEndpoints.customDnsConfigs` -Required. A list of private ip addresses of the private endpoint. +Custom DNS configurations. -- Required: Yes +- Required: No - Type: array - ### Parameter: `privateEndpoints.customNetworkInterfaceName` -Optional. The custom name of the network interface attached to the private endpoint. +The custom name of the network interface attached to the private endpoint. - Required: No - Type: string ### Parameter: `privateEndpoints.enableTelemetry` -Optional. Enable/Disable usage telemetry for module. +Enable/Disable usage telemetry for module. - Required: No - Type: bool ### Parameter: `privateEndpoints.ipConfigurations` -Optional. A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. +A list of IP configurations of the private endpoint. This will be used to map to the First Party Service endpoints. - Required: No - Type: array -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`name`](#parameter-privateendpointsipconfigurationsname) | Yes | string | Required. The name of the resource that is unique within a resource group. | -| [`properties`](#parameter-privateendpointsipconfigurationsproperties) | Yes | object | Required. Properties of private endpoint IP configurations. | - -### Parameter: `privateEndpoints.ipConfigurations.name` +### Parameter: `privateEndpoints.location` -Required. The name of the resource that is unique within a resource group. +The location to deploy the private endpoint to. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties` +### Parameter: `privateEndpoints.lock` -Required. Properties of private endpoint IP configurations. +Specify the type of lock. -- Required: Yes +- Required: No - Type: object -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`groupId`](#parameter-privateendpointsipconfigurationspropertiesgroupid) | Yes | string | Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. | -| [`memberName`](#parameter-privateendpointsipconfigurationspropertiesmembername) | Yes | string | Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. | -| [`privateIPAddress`](#parameter-privateendpointsipconfigurationspropertiesprivateipaddress) | Yes | string | Required. A private ip address obtained from the private endpoint's subnet. | +**Optional parameters** -### Parameter: `privateEndpoints.ipConfigurations.properties.groupId` +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`kind`](#parameter-privateendpointslockkind) | string | Specify the type of lock. | +| [`name`](#parameter-privateendpointslockname) | string | Specify the name of lock. | -Required. The ID of a group obtained from the remote resource that this private endpoint should connect to. +### Parameter: `privateEndpoints.lock.kind` -- Required: Yes +Specify the type of lock. + +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'CanNotDelete' + 'None' + 'ReadOnly' + ] + ``` -### Parameter: `privateEndpoints.ipConfigurations.properties.memberName` +### Parameter: `privateEndpoints.lock.name` -Required. The member name of a group obtained from the remote resource that this private endpoint should connect to. +Specify the name of lock. -- Required: Yes +- Required: No - Type: string -### Parameter: `privateEndpoints.ipConfigurations.properties.privateIPAddress` +### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` -Required. A private ip address obtained from the private endpoint's subnet. +Manual PrivateLink Service Connections. -- Required: Yes -- Type: string +- Required: No +- Type: array +### Parameter: `privateEndpoints.name` +The name of the private endpoint. -### Parameter: `privateEndpoints.location` +- Required: No +- Type: string -Optional. The location to deploy the private endpoint to. +### Parameter: `privateEndpoints.privateDnsZoneGroupName` + +The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. - Required: No - Type: string -### Parameter: `privateEndpoints.lock` +### Parameter: `privateEndpoints.privateDnsZoneResourceIds` -Optional. Specify the type of lock. +The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. - Required: No -- Type: object +- Type: array -### Parameter: `privateEndpoints.manualPrivateLinkServiceConnections` +### Parameter: `privateEndpoints.roleAssignments` -Optional. Manual PrivateLink Service Connections. +Array of role assignments to create. - Required: No - Type: array -### Parameter: `privateEndpoints.name` +**Required parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-privateendpointsroleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-privateendpointsroleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | + +**Optional parameters** + +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-privateendpointsroleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-privateendpointsroleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-privateendpointsroleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-privateendpointsroleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-privateendpointsroleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | + +### Parameter: `privateEndpoints.roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes +- Type: string + +### Parameter: `privateEndpoints.roleAssignments.roleDefinitionIdOrName` + +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. + +- Required: Yes +- Type: string -Optional. The name of the private endpoint. +### Parameter: `privateEndpoints.roleAssignments.condition` + +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `privateEndpoints.privateDnsZoneGroupName` +### Parameter: `privateEndpoints.roleAssignments.conditionVersion` -Optional. The name of the private DNS zone group to create if privateDnsZoneResourceIds were provided. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `privateEndpoints.privateDnsZoneResourceIds` +### Parameter: `privateEndpoints.roleAssignments.delegatedManagedIdentityResourceId` -Optional. The private DNS zone groups to associate the private endpoint with. A DNS zone group can support up to 5 DNS zones. +The Resource Id of the delegated managed identity resource. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.roleAssignments` +### Parameter: `privateEndpoints.roleAssignments.description` -Optional. Array of role assignments to create. +The description of the role assignment. - Required: No -- Type: array +- Type: string -### Parameter: `privateEndpoints.service` +### Parameter: `privateEndpoints.roleAssignments.principalType` -Optional. The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". +The principal type of the assigned principal ID. - Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` -### Parameter: `privateEndpoints.subnetResourceId` +### Parameter: `privateEndpoints.service` -Required. Resource ID of the subnet where the endpoint needs to be created. +The service (sub-) type to deploy the private endpoint for. For example "vault" or "blob". -- Required: Yes +- Required: No - Type: string ### Parameter: `privateEndpoints.tags` -Optional. Tags to be applied on all resources/resource groups in this deployment. +Tags to be applied on all resources/resource groups in this deployment. - Required: No - Type: object @@ -805,6 +877,7 @@ Optional. Tags to be applied on all resources/resource groups in this deployment ### Parameter: `provider` The provider that submitted the last deployment to the primary environment of the static site. + - Required: No - Type: string - Default: `'None'` @@ -812,6 +885,7 @@ The provider that submitted the last deployment to the primary environment of th ### Parameter: `repositoryToken` The Personal Access Token for accessing the GitHub repository. + - Required: No - Type: securestring - Default: `''` @@ -819,6 +893,7 @@ The Personal Access Token for accessing the GitHub repository. ### Parameter: `repositoryUrl` The name of the GitHub repository. + - Required: No - Type: string - Default: `''` @@ -826,74 +901,96 @@ The name of the GitHub repository. ### Parameter: `roleAssignments` Array of role assignments to create. + - Required: No - Type: array +**Required parameters** -| Name | Required | Type | Description | -| :-- | :-- | :--| :-- | -| [`condition`](#parameter-roleassignmentscondition) | No | string | Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | -| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | No | string | Optional. Version of the condition. | -| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | No | string | Optional. The Resource Id of the delegated managed identity resource. | -| [`description`](#parameter-roleassignmentsdescription) | No | string | Optional. The description of the role assignment. | -| [`principalId`](#parameter-roleassignmentsprincipalid) | Yes | string | Required. The principal ID of the principal (user/group/identity) to assign the role to. | -| [`principalType`](#parameter-roleassignmentsprincipaltype) | No | string | Optional. The principal type of the assigned principal ID. | -| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | Yes | string | Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`principalId`](#parameter-roleassignmentsprincipalid) | string | The principal ID of the principal (user/group/identity) to assign the role to. | +| [`roleDefinitionIdOrName`](#parameter-roleassignmentsroledefinitionidorname) | string | The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -### Parameter: `roleAssignments.condition` +**Optional parameters** -Optional. The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" +| Parameter | Type | Description | +| :-- | :-- | :-- | +| [`condition`](#parameter-roleassignmentscondition) | string | The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" | +| [`conditionVersion`](#parameter-roleassignmentsconditionversion) | string | Version of the condition. | +| [`delegatedManagedIdentityResourceId`](#parameter-roleassignmentsdelegatedmanagedidentityresourceid) | string | The Resource Id of the delegated managed identity resource. | +| [`description`](#parameter-roleassignmentsdescription) | string | The description of the role assignment. | +| [`principalType`](#parameter-roleassignmentsprincipaltype) | string | The principal type of the assigned principal ID. | -- Required: No +### Parameter: `roleAssignments.principalId` + +The principal ID of the principal (user/group/identity) to assign the role to. + +- Required: Yes - Type: string -### Parameter: `roleAssignments.conditionVersion` +### Parameter: `roleAssignments.roleDefinitionIdOrName` -Optional. Version of the condition. +The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. -- Required: No +- Required: Yes - Type: string -- Allowed: `[2.0]` -### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` +### Parameter: `roleAssignments.condition` -Optional. The Resource Id of the delegated managed identity resource. +The conditions on the role assignment. This limits the resources it can be assigned to. e.g.: @Resource[Microsoft.Storage/storageAccounts/blobServices/containers:ContainerName] StringEqualsIgnoreCase "foo_storage_container" - Required: No - Type: string -### Parameter: `roleAssignments.description` +### Parameter: `roleAssignments.conditionVersion` -Optional. The description of the role assignment. +Version of the condition. - Required: No - Type: string +- Allowed: + ```Bicep + [ + '2.0' + ] + ``` -### Parameter: `roleAssignments.principalId` +### Parameter: `roleAssignments.delegatedManagedIdentityResourceId` -Required. The principal ID of the principal (user/group/identity) to assign the role to. +The Resource Id of the delegated managed identity resource. -- Required: Yes +- Required: No - Type: string -### Parameter: `roleAssignments.principalType` +### Parameter: `roleAssignments.description` -Optional. The principal type of the assigned principal ID. +The description of the role assignment. - Required: No - Type: string -- Allowed: `[Device, ForeignGroup, Group, ServicePrincipal, User]` -### Parameter: `roleAssignments.roleDefinitionIdOrName` +### Parameter: `roleAssignments.principalType` -Required. The role to assign. You can provide either the display name of the role definition, the role definition GUID, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. +The principal type of the assigned principal ID. -- Required: Yes +- Required: No - Type: string +- Allowed: + ```Bicep + [ + 'Device' + 'ForeignGroup' + 'Group' + 'ServicePrincipal' + 'User' + ] + ``` ### Parameter: `sku` Type of static site to deploy. + - Required: No - Type: string - Default: `'Free'` @@ -908,6 +1005,7 @@ Type of static site to deploy. ### Parameter: `stagingEnvironmentPolicy` State indicating whether staging environments are allowed or not allowed for a static web app. + - Required: No - Type: string - Default: `'Enabled'` @@ -922,12 +1020,14 @@ State indicating whether staging environments are allowed or not allowed for a s ### Parameter: `tags` Tags of the resource. + - Required: No - Type: object ### Parameter: `templateProperties` Template Options for the static site. + - Required: No - Type: object - Default: `{}` diff --git a/modules/web/static-site/config/README.md b/modules/web/static-site/config/README.md index e17e11da76..c9ff608e25 100644 --- a/modules/web/static-site/config/README.md +++ b/modules/web/static-site/config/README.md @@ -37,16 +37,10 @@ This module deploys a Static Web App Site Config. | [`enableDefaultTelemetry`](#parameter-enabledefaulttelemetry) | bool | Enable telemetry via a Globally Unique Identifier (GUID). | | [`location`](#parameter-location) | string | Location for all resources. | -### Parameter: `enableDefaultTelemetry` - -Enable telemetry via a Globally Unique Identifier (GUID). -- Required: No -- Type: bool -- Default: `True` - ### Parameter: `kind` Type of settings to apply. + - Required: Yes - Type: string - Allowed: @@ -57,25 +51,36 @@ Type of settings to apply. ] ``` -### Parameter: `location` - -Location for all resources. -- Required: No -- Type: string -- Default: `[resourceGroup().location]` - ### Parameter: `properties` App settings. + - Required: Yes - Type: object ### Parameter: `staticSiteName` The name of the parent Static Web App. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string +### Parameter: `enableDefaultTelemetry` + +Enable telemetry via a Globally Unique Identifier (GUID). + +- Required: No +- Type: bool +- Default: `True` + +### Parameter: `location` + +Location for all resources. + +- Required: No +- Type: string +- Default: `[resourceGroup().location]` + ## Outputs diff --git a/modules/web/static-site/custom-domain/README.md b/modules/web/static-site/custom-domain/README.md index f5b55f3ad5..0ca1252cb2 100644 --- a/modules/web/static-site/custom-domain/README.md +++ b/modules/web/static-site/custom-domain/README.md @@ -37,9 +37,24 @@ This module deploys a Static Web App Site Custom Domain. | [`location`](#parameter-location) | string | Location for all resources. | | [`validationMethod`](#parameter-validationmethod) | string | Validation method for adding a custom domain. | +### Parameter: `name` + +The custom domain name. + +- Required: Yes +- Type: string + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. + +- Required: Yes +- Type: string + ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -47,25 +62,15 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `name` - -The custom domain name. -- Required: Yes -- Type: string - -### Parameter: `staticSiteName` - -The name of the parent Static Web App. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ### Parameter: `validationMethod` Validation method for adding a custom domain. + - Required: No - Type: string - Default: `'cname-delegation'` diff --git a/modules/web/static-site/linked-backend/README.md b/modules/web/static-site/linked-backend/README.md index c77db73a84..c12b65dbd1 100644 --- a/modules/web/static-site/linked-backend/README.md +++ b/modules/web/static-site/linked-backend/README.md @@ -41,12 +41,21 @@ This module deploys a Custom Function App into a Static Web App Site using the L ### Parameter: `backendResourceId` The resource ID of the backend linked to the static site. + +- Required: Yes +- Type: string + +### Parameter: `staticSiteName` + +The name of the parent Static Web App. Required if the template is used in a standalone deployment. + - Required: Yes - Type: string ### Parameter: `enableDefaultTelemetry` Enable telemetry via a Globally Unique Identifier (GUID). + - Required: No - Type: bool - Default: `True` @@ -54,6 +63,7 @@ Enable telemetry via a Globally Unique Identifier (GUID). ### Parameter: `location` Location for all resources. + - Required: No - Type: string - Default: `[resourceGroup().location]` @@ -61,6 +71,7 @@ Location for all resources. ### Parameter: `name` Name of the backend to link to the static site. + - Required: No - Type: string - Default: `[uniqueString(parameters('backendResourceId'))]` @@ -68,16 +79,11 @@ Name of the backend to link to the static site. ### Parameter: `region` The region of the backend linked to the static site. + - Required: No - Type: string - Default: `[resourceGroup().location]` -### Parameter: `staticSiteName` - -The name of the parent Static Web App. Required if the template is used in a standalone deployment. -- Required: Yes -- Type: string - ## Outputs diff --git a/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 b/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 index 8ba3a514d2..6ad25de0a9 100644 --- a/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 +++ b/utilities/pipelines/sharedScripts/Set-ModuleReadMe.ps1 @@ -180,20 +180,79 @@ function Set-ParametersSection { [string[]] $ColumnsInOrder = @('Required', 'Conditional', 'Optional', 'Generated') ) - # Collect sources for parameter usage section - $parameterUsageContentMap = @{} - if (Test-Path (Join-Path $PSScriptRoot 'moduleReadMeSource')) { - if ($resourceUsageSourceFiles = Get-ChildItem (Join-Path $PSScriptRoot 'moduleReadMeSource') -Recurse -Filter 'resourceUsage-*') { - foreach ($sourceFile in $resourceUsageSourceFiles.FullName) { - $parameterName = (Split-Path $sourceFile -LeafBase).Replace('resourceUsage-', '') - - $parameterUsageContentMap[$parameterName] = Get-Content $sourceFile -Raw - } - } + # Invoking recursive function to resolve parameters + $newSectionContent = Set-DefinitionSection -TemplateFileContent $TemplateFileContent -ColumnsInOrder $ColumnsInOrder + + # Build result + if ($PSCmdlet.ShouldProcess('Original file with new parameters content', 'Merge')) { + $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $newSectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' } - # Get all descriptions - $descriptions = $TemplateFileContent.parameters.Values.metadata.description + return $updatedFileContent +} + +<# +.SYNOPSIS +Update parts of the 'parameters' section of the given readme file, if user defined types are used + +.DESCRIPTION +Adds user defined types to the 'parameters' section of the given readme file + +.PARAMETER TemplateFileContent +Mandatory. The template file content object to crawl data from + +.PARAMETER Properties +Optional. Hashtable of the user defined properties + +.PARAMETER ParentName +Optional. Name of the parameter, that has the user defined types + +.PARAMETER ParentIdentifierLink +Optional. Link of the parameter, that has the user defined types + +.PARAMETER ColumnsInOrder +Optional. The order of parameter categories to show in the readme parameters section. + +.EXAMPLE +Set-DefinitionSection -TemplateFileContent @{ resource = @{}; ... } -ColumnsInOrder @('Required', 'Optional') + +Top-level invocation. Will start from the TemplateFile's parameters object and recursively crawl through all children. Tables will be ordered by 'Required' first and 'Optional' after. + +.EXAMPLE +Set-DefinitionSection -TemplateFileContent @{ resource = @{}; ... } -Properties @{ @{ name = @{ type = 'string'; 'allowedValues' = @('A1','A2','A3','A4','A5','A6'); 'nullable' = $true; (...) } -ParentName 'diagnosticSettings' -ParentIdentifierLink '#parameter-diagnosticsettings' + +.NOTES +The function is recursive and will also output grand, great grand children, ... . +#> +function Set-DefinitionSection { + param ( + [Parameter(Mandatory = $true)] + [hashtable] $TemplateFileContent, + + [Parameter(Mandatory = $false)] + [hashtable] $Properties, + + [Parameter(Mandatory = $false)] + [string] $ParentName, + + [Parameter(Mandatory = $false)] + [string] $ParentIdentifierLink, + + [Parameter(Mandatory = $false)] + [string[]] $ColumnsInOrder = @('Required', 'Conditional', 'Optional', 'Generated') + ) + + if (-not $Properties) { + # Top-level invocation + # Get all descriptions + $descriptions = $TemplateFileContent.parameters.Values.metadata.description + # Add name as property for later reference + $TemplateFileContent.parameters.Keys | ForEach-Object { $TemplateFileContent.parameters[$_]['name'] = $_ } + } else { + $descriptions = $Properties.Values.metadata.description + # Add name as property for later reference + $Properties.Keys | ForEach-Object { $Properties[$_]['name'] = $_ } + } # Get the module parameter categories $paramCategories = $descriptions | ForEach-Object { $_.Split('.')[0] } | Select-Object -Unique @@ -202,34 +261,66 @@ function Set-ParametersSection { $sortedParamCategories = $ColumnsInOrder | Where-Object { $paramCategories -contains $_ } # Add all others that exist but are not specified in the columnsInOrder parameter $sortedParamCategories += $paramCategories | Where-Object { $ColumnsInOrder -notcontains $_ } - - # Add name as property for later reference - $TemplateFileContent.parameters.Keys | ForEach-Object { $TemplateFileContent.parameters[$_]['name'] = $_ } - $newSectionContent = [System.Collections.ArrayList]@() - $parameterList = @{} + $tableSectionContent = [System.Collections.ArrayList]@() + $listSectionContent = [System.Collections.ArrayList]@() - # Create parameter blocks foreach ($category in $sortedParamCategories) { # 1. Prepare # Filter to relevant items - [array] $categoryParameters = $TemplateFileContent.parameters.Values | Where-Object { $_.metadata.description -like "$category. *" } | Sort-Object -Property 'Name' -Culture 'en-US' + if (-not $Properties) { + # Top-level invocation + [array] $categoryParameters = $TemplateFileContent.parameters.Values | Where-Object { $_.metadata.description -like "$category. *" } | Sort-Object -Property 'Name' -Culture 'en-US' + } else { + $categoryParameters = $Properties.Values | Where-Object { $_.metadata.description -like "$category. *" } | Sort-Object -Property 'Name' -Culture 'en-US' + } - # 2. Create header including optional columns & initiate the parameter list - $newSectionContent += @( + $tableSectionContent += @( ('**{0} parameters**' -f $category), '', '| Parameter | Type | Description |', '| :-- | :-- | :-- |' ) - # 3. Add individual parameters foreach ($parameter in $categoryParameters) { - $isRequired = Get-IsParameterRequired -TemplateFileContent $TemplateFileContent -Parameter $parameter + ###################### + # Gather details # + ###################### + + $paramIdentifier = (-not [String]::IsNullOrEmpty($ParentName)) ? '{0}.{1}' -f $ParentName, $parameter.name : $parameter.name + $paramHeader = '### Parameter: `{0}`' -f $paramIdentifier + $paramIdentifierLink = (-not [String]::IsNullOrEmpty($ParentIdentifierLink)) ? ('{0}{1}' -f $ParentIdentifierLink, $parameter.name).ToLower() : ('#{0}' -f $paramHeader.TrimStart('#').Trim().ToLower()) -replace '[:|`]' -replace ' ', '-' - # Default values + # definition type (if any) + if ($parameter.Keys -contains '$ref') { + $identifier = Split-Path $parameter.'$ref' -Leaf + $definition = $TemplateFileContent.definitions[$identifier] + $type = $definition['type'] + $rawAllowedValues = $definition['allowedValues'] + } else { + $definition = $null + $type = $parameter.type + $rawAllowedValues = $parameter.allowedValues + } + + $isRequired = (Get-IsParameterRequired -TemplateFileContent $TemplateFileContent -Parameter $parameter) ? 'Yes' : 'No' + $description = $parameter.ContainsKey('metadata') ? $parameter['metadata']['description'] : $null + + ##################### + # Table content # + ##################### + + # build table for definition properties + $tableSectionContent += ('| [`{0}`]({1}) | {2} | {3} |' -f $parameter.name, $paramIdentifierLink, $type, $description.substring("$category. ".Length)) + + #################### + # List content # + #################### + + # Format default values + # ===================== if ($parameter.defaultValue -is [array]) { if ($parameter.defaultValue.count -eq 0) { $defaultValue = '[]' @@ -253,18 +344,23 @@ function Set-ParametersSection { $defaultValue = $parameter.defaultValue } - # User defined type - if ($null -eq $parameter.type -and $parameter.ContainsKey('$ref')) { - $identifier = Split-Path $parameter.'$ref' -Leaf - $definition = $TemplateFileContent.definitions[$identifier] - $type = $definition['type'] - $rawAllowedValues = $definition['allowedValues'] + if (-not [String]::IsNullOrEmpty($defaultValue)) { + if (($defaultValue -split '\n').count -eq 1) { + $formattedDefaultValue = '- Default: `{0}`' -f $defaultValue + } else { + $formattedDefaultValue = @( + '- Default:', + ' ```Bicep', + ($defaultValue -split '\n' | ForEach-Object { " $_" } | Out-String).TrimEnd(), + ' ```' + ) + } } else { - $type = $parameter.type - $rawAllowedValues = $parameter.allowedValues + $formattedDefaultValue = $null } - # Allowed values + # Format allowed values + # ===================== if ($rawAllowedValues -is [array]) { $bicepJSONAllowedParameterObject = @{ $parameter.name = ($rawAllowedValues ?? @()) } # Wrapping on object to work with formatted Bicep script $bicepRawformattedAllowed = ConvertTo-FormattedBicep -JSONParameters $bicepJSONAllowedParameterObject @@ -278,37 +374,6 @@ function Set-ParametersSection { $allowedValues = $rawAllowedValues } - # Prepare the links to local headers - $paramHeader = '### Parameter: `{0}`' -f $parameter.name - $paramIdentifier = ('#{0}' -f $paramHeader.TrimStart('#').Trim().ToLower()) -replace '[:|`]' -replace ' ', '-' - - # Add external single quotes to all default values of type string except for those using functions - $description = $parameter.metadata.description.Replace("`r`n", '

').Replace("`n", '

') - # Further, replace all "empty string" default values with actual visible quotes - if ([regex]::Match($allowedValues, '^(\[\s*,.+)|(\[.+,\s*,)|(.+,\s*\])$').Captures.Count -gt 0) { - $allowedValues = $allowedValues -replace '\[\s*,', "[''," -replace ',\s*,', ", ''," -replace ',\s*\]', ", '']" - } - - # Update parameter table content based on parameter category - ## Remove category from parameter description - $description = $description.substring("$category. ".Length) - $newSectionContent += ('| [`{0}`]({1}) | {2} | {3} |' -f $parameter.name, $paramIdentifier, $type, $description) - - if (-not [String]::IsNullOrEmpty($defaultValue)) { - if (($defaultValue -split '\n').count -eq 1) { - $formattedDefaultValue = '- Default: `{0}`' -f $defaultValue - } else { - $formattedDefaultValue = @( - '- Default:', - ' ```Bicep', - ($defaultValue -split '\n' | ForEach-Object { " $_" } | Out-String).TrimEnd(), - ' ```' - ) - } - } else { - $formattedDefaultValue = $null - } - if (-not [String]::IsNullOrEmpty($allowedValues)) { if (($allowedValues -split '\n').count -eq 1) { $formattedAllowedValues = '- Default: `{0}`' -f $allowedValues @@ -316,7 +381,7 @@ function Set-ParametersSection { $formattedAllowedValues = @( '- Allowed:', ' ```Bicep', - ($allowedValues -split '\n' | Where-Object { -not [String]::IsNullOrEmpty($_) } | ForEach-Object { " $_" } | Out-String).TrimEnd(), + ($allowedValues -split '\n' | Where-Object { -not [String]::IsNullOrEmpty($_) } | ForEach-Object { " $_" } | Out-String).TrimEnd(), ' ```' ) } @@ -324,138 +389,42 @@ function Set-ParametersSection { $formattedAllowedValues = $null } - $parameterList += @{ - $paramIdentifier = @( - $paramHeader, - '', - $description, - ('- Required: {0}' -f ($isRequired ? 'Yes' : 'No')), - ('- Type: {0}' -f $type), - ((-not [String]::IsNullOrEmpty($formattedDefaultValue)) ? $formattedDefaultValue : $null), - ((-not [String]::IsNullOrEmpty($formattedAllowedValues)) ? $formattedAllowedValues : $null), - '', - (($parameterUsageContentMap.Keys -contains $parameter.name) ? $parameterUsageContentMap[$parameter.name] : $null) - ) | Where-Object { $null -ne $_ } - } - - if (($parameter.Keys -contains '$ref') -or ($parameter.Keys -contains 'items' -and $parameter.items.Keys -contains '$ref')) { - # Has a user-defined type - $identifier = ($parameter.Keys -contains '$ref') ? (Split-Path $parameter.'$ref' -Leaf) : (Split-Path $parameter.items.'$ref' -Leaf) - $definition = $TemplateFileContent.definitions[$identifier] - $properties = ($definition.Keys -contains 'items' ? $definition['items']['properties'] : $definition['properties']) - $parameterList[$paramIdentifier] += Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $properties -ParentName $parameter.name -ParentIdentifierLink $paramIdentifier - } - } - $newSectionContent += '' - } - - $sortedFlatParamList = [System.Collections.ArrayList]@() - foreach ($key in ($parameterList.Keys | Sort-Object)) { - $sortedFlatParamList += $parameterList[$key] - } - $newSectionContent += $sortedFlatParamList - - # Build result - if ($PSCmdlet.ShouldProcess('Original file with new parameters content', 'Merge')) { - $updatedFileContent = Merge-FileWithNewContent -oldContent $ReadMeFileContent -newContent $newSectionContent -SectionStartIdentifier $SectionStartIdentifier -contentType 'nextH2' - } - - return $updatedFileContent -} - -<# -.SYNOPSIS -Update parts of the 'parameters' section of the given readme file, if user defined types are used - -.DESCRIPTION -Adds user defined types to the 'parameters' section of the given readme file - -.PARAMETER TemplateFileContent -Mandatory. The template file content object to crawl data from - -.PARAMETER Properties -Mandatory. Hashtable of the user defined properties - -.PARAMETER ParentName -Mandatory. Name of the parameter, that has the user defined types + # Build list item + # =============== + $listSectionContent += @( + $paramHeader, + ($parameter.ContainsKey('metadata') ? '' : $null), + ($parameter.ContainsKey('metadata') ? $parameter['metadata']['description'].substring("$category. ".Length) : $null), + ($parameter.ContainsKey('metadata') ? '' : $null), + ('- Required: {0}' -f $isRequired), + ('- Type: {0}' -f $type), + ((-not [String]::IsNullOrEmpty($formattedDefaultValue)) ? $formattedDefaultValue : $null), + ((-not [String]::IsNullOrEmpty($formattedAllowedValues)) ? $formattedAllowedValues : $null) + '' + ) | Where-Object { $null -ne $_ } -.PARAMETER ParentIdentifierLink -Mandatory. Link of the parameter, that has the user defined types + #recursive call for children + if ($definition) { + if ($definition.ContainsKey('items') -and $definition['items'].ContainsKey('properties')) { + $childProperties = $definition['items']['properties'] + $sectionContent = Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $childProperties -ParentName $paramIdentifier -ParentIdentifierLink $paramIdentifierLink -ColumnsInOrder $ColumnsInOrder -.EXAMPLE -Set-DefinitionSection -TemplateFileContent @{ resource = @{}; ... } -Properties @{ resource = @{}; ... } -ParentName 'diagnosticSettings' -ParentIdentifierLink '#parameter-diagnosticsettings' + $listSectionContent += $sectionContent -.NOTES -The function is recursive and will also output grand, great grand children, ... . -#> -function Set-DefinitionSection { - param ( - [Parameter(Mandatory)] - [hashtable] $TemplateFileContent, - - [Parameter(Mandatory)] - [hashtable] $Properties, - - [Parameter(Mandatory)] - [string] $ParentName, + } elseif ($definition.type -eq 'object' -and $definition['properties']) { + $childProperties = $definition['properties'] + $sectionContent = Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $childProperties -ParentName $paramIdentifier -ParentIdentifierLink $paramIdentifierLink -ColumnsInOrder $ColumnsInOrder - [Parameter(Mandatory)] - [string] $ParentIdentifierLink - ) - $newSectionContent = @( - '', - '| Name | Required | Type | Description |', - '| :-- | :-- | :--| :-- |' - ) - $tableSectionContent = [System.Collections.ArrayList]@() - $listSectionContent = [System.Collections.ArrayList]@() - - foreach ($parameterName in $Properties.Keys | Sort-Object) { - $parameterValue = $Properties[$parameterName] - $paramIdentifier = '{0}.{1}' -f $ParentName, $parameterName - $paramIdentifierLink = ('{0}{1}' -f $ParentIdentifierLink, $parameterName).ToLower() - - # definition type (if any) - if ($parameterValue.Keys -contains '$ref') { - $definition = $TemplateFileContent.definitions[(Split-Path $parameterValue.'$ref' -Leaf)] - } else { - $definition = $null + $listSectionContent += $sectionContent + } + } } - $isRequired = (Get-IsParameterRequired -TemplateFileContent $TemplateFileContent -Parameter $parameterValue) ? 'Yes' : 'No' - $type = ($parameterValue.Keys -contains '$ref') ? $definition.type : $parameterValue['type'] - $description = $parameterValue.ContainsKey('metadata') ? $parameterValue['metadata']['description'] : $null - - # build table for definition properties - $tableSectionContent += ('| [`{0}`]({1}) | {2} | {3} | {4} |' -f $parameterName, $paramIdentifierLink, $isRequired, $type, $description) - $allowedValues = ($parameterValue.ContainsKey('allowedValues')) ? (($parameterValue['allowedValues'] -is [array]) ? ('[{0}]' -f (($parameterValue['allowedValues'] | Sort-Object) -join ', ')) : (($parameterValue['allowedValues'] -is [hashtable]) ? '{object}' : $parameterValue['allowedValues'])) : $null - - #build flat list for definition properties - $listSectionContent += @( - '', - ('### Parameter: `{0}`' -f $paramIdentifier), - ($parameterValue.ContainsKey('metadata') ? '' : $null), - ($parameterValue.ContainsKey('metadata') ? $parameterValue['metadata']['description'] : $null), - ($parameterValue.ContainsKey('metadata') ? '' : $null), - ('- Required: {0}' -f $isRequired), - ('- Type: {0}' -f $type), - (($null -ne $allowedValues) ? ('- Allowed: `{0}`' -f $allowedValues) : $null) - ) | Where-Object { $null -ne $_ } - - #recursive call for children - if ($parameterValue.ContainsKey('items') -and $parameterValue['items'].ContainsKey('properties')) { - $childProperties = $parameterValue['items']['properties'] - $listSectionContent += Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $childProperties -ParentName $paramIdentifier -ParentIdentifierLink $paramIdentifierLink - } elseif ($parameterValue.type -eq 'object' -and $parameterValue['properties']) { - $childProperties = $parameterValue['properties'] - $listSectionContent += Set-DefinitionSection -TemplateFileContent $TemplateFileContent -Properties $childProperties -ParentName $paramIdentifier -ParentIdentifierLink $paramIdentifierLink - } + $tableSectionContent += '' } $newSectionContent += $tableSectionContent $newSectionContent += $listSectionContent - $newSectionContent += '' - return $newSectionContent } @@ -1181,6 +1150,17 @@ function Set-UsageExamplesSection { ############################ ## Process test files ## ############################ + + # Prepare data (using thread-safe multithreading) to consume later + $buildTestFileMap = [System.Collections.Concurrent.ConcurrentDictionary[string, object]]::new() + $testFilePaths | ForEach-Object -Parallel { + $folderName = Split-Path (Split-Path -Path $_) -Leaf + $buildTemplate = bicep build $_ --stdout | ConvertFrom-Json -AsHashtable + + $dict = $using:buildTestFileMap + $null = $dict.TryAdd($folderName, $buildTemplate) + } + $pathIndex = 1 $usageExampleSectionHeaders = @() $testFilesContent = @() @@ -1188,7 +1168,8 @@ function Set-UsageExamplesSection { # Read content $rawContentArray = Get-Content -Path $testFilePath - $compiledTestFileContent = bicep build $testFilePath --stdout | ConvertFrom-Json -AsHashtable + $folderName = Split-Path (Split-Path -Path $testFilePath) -Leaf + $compiledTestFileContent = $buildTestFileMap[$folderName] $rawContent = Get-Content -Path $testFilePath -Encoding 'utf8' | Out-String # Format example header diff --git a/utilities/tools/Test-ModuleLocally.ps1 b/utilities/tools/Test-ModuleLocally.ps1 index cc291faa18..ea87659b02 100644 --- a/utilities/tools/Test-ModuleLocally.ps1 +++ b/utilities/tools/Test-ModuleLocally.ps1 @@ -34,7 +34,7 @@ Optional. A hashtable parameter that contains custom tokens to be replaced in th $TestModuleLocallyInput = @{ TemplateFilePath = 'C:\network\route-table\main.bicep' - ModuleTestFilePath = 'C:\network\route-table\.test\parameters.json' + ModuleTestFilePath = 'C:\network\route-table\.test\parameters.json' PesterTest = $false DeploymentTest = $false ValidationTest = $true