diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
deleted file mode 100644
index ed410681..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.bicep/nested_roleAssignments.bicep
+++ /dev/null
@@ -1,70 +0,0 @@
-@sys.description('Required. The IDs of the principals to assign the role to.')
-param principalIds array
-
-@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
-param roleDefinitionIdOrName string
-
-@sys.description('Required. The resource ID of the resource to apply the role assignment to.')
-param resourceId string
-
-@sys.description('Optional. The principal type of the assigned principal ID.')
-@allowed([
- 'ServicePrincipal'
- 'Group'
- 'User'
- 'ForeignGroup'
- 'Device'
- ''
-])
-param principalType string = ''
-
-@sys.description('Optional. The description of the role assignment.')
-param description string = ''
-
-var builtInRoleNames = {
- 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
- 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')
- 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')
- 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')
- 'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')
- 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
- 'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')
- 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
- 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
- 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
- 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
- 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
- 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
- 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
- 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
- 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')
- 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')
- 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
- 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')
- 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')
- 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')
- 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')
- 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
- 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
- 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
-}
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' existing = {
- name: last(split(resourceId, '/'))
-}
-
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
- name: guid(virtualNetwork.id, principalId, roleDefinitionIdOrName)
- properties: {
- description: description
- roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
- principalId: principalId
- principalType: !empty(principalType) ? any(principalType) : null
- }
- scope: virtualNetwork
-}]
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json
deleted file mode 100644
index 2d506427..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/min.parameters.json
+++ /dev/null
@@ -1,14 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-vnet-min-001"
- },
- "addressPrefixes": {
- "value": [
- "10.0.0.0/16"
- ]
- }
- }
-}
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/parameters.json b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/parameters.json
deleted file mode 100644
index 6cb5292c..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/parameters.json
+++ /dev/null
@@ -1,96 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-vnet-x-001"
- },
- "lock": {
- "value": "CanNotDelete"
- },
- "addressPrefixes": {
- "value": [
- "10.0.0.0/16"
- ]
- },
- "subnets": {
- "value": [
- {
- "name": "GatewaySubnet",
- "addressPrefix": "10.0.255.0/24"
- },
- {
- "name": "<>-az-subnet-x-001",
- "addressPrefix": "10.0.0.0/24",
- "networkSecurityGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001",
- "serviceEndpoints": [
- {
- "service": "Microsoft.Storage"
- },
- {
- "service": "Microsoft.Sql"
- }
- ],
- "roleAssignments": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ],
- "routeTableId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001"
- },
- {
- "name": "<>-az-subnet-x-002",
- "addressPrefix": "10.0.3.0/24",
- "delegations": [
- {
- "name": "netappDel",
- "properties": {
- "serviceName": "Microsoft.Netapp/volumes"
- }
- }
- ]
- },
- {
- "name": "<>-az-subnet-x-003",
- "addressPrefix": "10.0.6.0/24",
- "privateEndpointNetworkPolicies": "Disabled",
- "privateLinkServiceNetworkPolicies": "Enabled"
- }
- ]
- },
- "dnsServers": {
- "value": [
- "10.0.1.4",
- "10.0.1.5"
- ]
- },
- "roleAssignments": {
- "value": [
- {
- "roleDefinitionIdOrName": "Reader",
- "principalIds": [
- "<>"
- ]
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json
deleted file mode 100644
index f8faae31..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/.parameters/vnetPeering.parameters.json
+++ /dev/null
@@ -1,52 +0,0 @@
-{
- "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
- "contentVersion": "1.0.0.0",
- "parameters": {
- "name": {
- "value": "<>-az-vnet-peer-001"
- },
- "addressPrefixes": {
- "value": [
- "10.0.0.0/24"
- ]
- },
- "subnets": {
- "value": [
- {
- "name": "GatewaySubnet",
- "addressPrefix": "10.0.0.0/26"
- }
- ]
- },
- "virtualNetworkPeerings": {
- "value": [
- {
- "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01",
- "allowForwardedTraffic": true,
- "allowGatewayTransit": false,
- "allowVirtualNetworkAccess": true,
- "useRemoteGateways": false,
- "remotePeeringEnabled": true,
- "remotePeeringName": "customName",
- "remotePeeringAllowVirtualNetworkAccess": true,
- "remotePeeringAllowForwardedTraffic": true
- }
- ]
- },
- "diagnosticLogsRetentionInDays": {
- "value": 7
- },
- "diagnosticStorageAccountId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001"
- },
- "diagnosticWorkspaceId": {
- "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001"
- },
- "diagnosticEventHubAuthorizationRuleId": {
- "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey"
- },
- "diagnosticEventHubName": {
- "value": "adp-<>-az-evh-x-001"
- }
- }
-}
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy.bicep b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy.bicep
deleted file mode 100644
index 94524b8b..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy.bicep
+++ /dev/null
@@ -1,265 +0,0 @@
-@description('Required. The Virtual Network (vNet) Name.')
-param name string
-
-@description('Optional. Location for all resources.')
-param location string = resourceGroup().location
-
-@description('Required. An Array of 1 or more IP Address Prefixes for the Virtual Network.')
-param addressPrefixes array
-
-@description('Optional. An Array of subnets to deploy to the Virtual Network.')
-param subnets array = []
-
-@description('Optional. DNS Servers associated to the Virtual Network.')
-param dnsServers array = []
-
-@description('Optional. Resource ID of the DDoS protection plan to assign the VNET to. If it\'s left blank, DDoS protection will not be configured. If it\'s provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription.')
-param ddosProtectionPlanId string = ''
-
-@description('Optional. Virtual Network Peerings configurations.')
-param virtualNetworkPeerings array = []
-
-@description('Optional. Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely.')
-@minValue(0)
-@maxValue(365)
-param diagnosticLogsRetentionInDays int = 365
-
-@description('Optional. Resource ID of the diagnostic storage account.')
-param diagnosticStorageAccountId string = ''
-
-@description('Optional. Resource ID of the diagnostic log analytics workspace.')
-param diagnosticWorkspaceId string = ''
-
-@description('Optional. Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to.')
-param diagnosticEventHubAuthorizationRuleId string = ''
-
-@description('Optional. Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category.')
-param diagnosticEventHubName string = ''
-
-@allowed([
- ''
- 'CanNotDelete'
- 'ReadOnly'
-])
-@description('Optional. Specify the type of lock.')
-param lock string = ''
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments array = []
-
-@description('Optional. Tags of the resource.')
-param tags object = {}
-
-@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
-param enableDefaultTelemetry bool = true
-
-@description('Optional. The name of logs that will be streamed.')
-@allowed([
- 'VMProtectionAlerts'
-])
-param diagnosticLogCategoriesToEnable array = [
- 'VMProtectionAlerts'
-]
-
-@description('Optional. The name of metrics that will be streamed.')
-@allowed([
- 'AllMetrics'
-])
-param diagnosticMetricsToEnable array = [
- 'AllMetrics'
-]
-
-@description('Optional. The name of the diagnostic setting, if deployed.')
-param diagnosticSettingsName string = '${name}-diagnosticSettings'
-
-var diagnosticsLogs = [for category in diagnosticLogCategoriesToEnable: {
- category: category
- enabled: true
- retentionPolicy: {
- enabled: true
- days: diagnosticLogsRetentionInDays
- }
-}]
-
-var diagnosticsMetrics = [for metric in diagnosticMetricsToEnable: {
- category: metric
- timeGrain: null
- enabled: true
- retentionPolicy: {
- enabled: true
- days: diagnosticLogsRetentionInDays
- }
-}]
-
-var dnsServers_var = {
- dnsServers: array(dnsServers)
-}
-
-var ddosProtectionPlan = {
- id: ddosProtectionPlanId
-}
-
-var enableReferencedModulesTelemetry = false
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name, location)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' = {
- name: name
- location: location
- tags: tags
- properties: {
- addressSpace: {
- addressPrefixes: addressPrefixes
- }
- ddosProtectionPlan: !empty(ddosProtectionPlanId) ? ddosProtectionPlan : null
- dhcpOptions: !empty(dnsServers) ? dnsServers_var : null
- enableDdosProtection: !empty(ddosProtectionPlanId)
- subnets: [for subnet in subnets: {
- name: subnet.name
- properties: {
- addressPrefix: subnet.addressPrefix
- addressPrefixes: contains(subnet, 'addressPrefixes') ? subnet.addressPrefixes : []
- applicationGatewayIpConfigurations: contains(subnet, 'applicationGatewayIpConfigurations') ? subnet.applicationGatewayIpConfigurations : []
- delegations: contains(subnet, 'delegations') ? subnet.delegations : []
- ipAllocations: contains(subnet, 'ipAllocations') ? subnet.ipAllocations : []
- natGateway: contains(subnet, 'natGatewayId') ? {
- 'id': subnet.natGatewayId
- } : json('null')
- networkSecurityGroup: contains(subnet, 'networkSecurityGroupId') ? {
- 'id': subnet.networkSecurityGroupId
- } : json('null')
- privateEndpointNetworkPolicies: contains(subnet, 'privateEndpointNetworkPolicies') ? subnet.privateEndpointNetworkPolicies : null
- privateLinkServiceNetworkPolicies: contains(subnet, 'privateLinkServiceNetworkPolicies') ? subnet.privateLinkServiceNetworkPolicies : null
- routeTable: contains(subnet, 'routeTableId') ? {
- 'id': subnet.routeTableId
- } : json('null')
- serviceEndpoints: contains(subnet, 'serviceEndpoints') ? subnet.serviceEndpoints : []
- serviceEndpointPolicies: contains(subnet, 'serviceEndpointPolicies') ? subnet.serviceEndpointPolicies : []
- }
- }]
- }
-}
-
-//NOTE Start: ------------------------------------
-// The below module (virtualNetwork_subnets) is a duplicate of the child resource (subnets) defined in the parent module (virtualNetwork).
-// The reason it exists so that deployment validation tests can be performed on the child module (subnets), in case that module needed to be deployed alone outside of this template.
-// The reason for duplication is due to the current design for the (virtualNetworks) resource from Azure, where if the child module (subnets) does not exist within it, causes
-// an issue, where the child resource (subnets) gets all of its properties removed, hence not as 'idempotent' as it should be. See https://github.com/Azure/azure-quickstart-templates/issues/2786 for more details.
-// You can safely remove the below child module (virtualNetwork_subnets) in your consumption of the module (virtualNetworks) to reduce the template size and duplication.
-//NOTE End : ------------------------------------
-
-module virtualNetwork_subnets 'subnets/deploy.bicep' = [for (subnet, index) in subnets: {
- name: '${uniqueString(deployment().name, location)}-subnet-${index}'
- params: {
- virtualNetworkName: virtualNetwork.name
- name: subnet.name
- addressPrefix: subnet.addressPrefix
- addressPrefixes: contains(subnet, 'addressPrefixes') ? subnet.addressPrefixes : []
- applicationGatewayIpConfigurations: contains(subnet, 'applicationGatewayIpConfigurations') ? subnet.applicationGatewayIpConfigurations : []
- delegations: contains(subnet, 'delegations') ? subnet.delegations : []
- ipAllocations: contains(subnet, 'ipAllocations') ? subnet.ipAllocations : []
- natGatewayId: contains(subnet, 'natGatewayId') ? subnet.natGatewayId : ''
- networkSecurityGroupId: contains(subnet, 'networkSecurityGroupId') ? subnet.networkSecurityGroupId : ''
- privateEndpointNetworkPolicies: contains(subnet, 'privateEndpointNetworkPolicies') ? subnet.privateEndpointNetworkPolicies : ''
- privateLinkServiceNetworkPolicies: contains(subnet, 'privateLinkServiceNetworkPolicies') ? subnet.privateLinkServiceNetworkPolicies : ''
- roleAssignments: contains(subnet, 'roleAssignments') ? subnet.roleAssignments : []
- routeTableId: contains(subnet, 'routeTableId') ? subnet.routeTableId : ''
- serviceEndpointPolicies: contains(subnet, 'serviceEndpointPolicies') ? subnet.serviceEndpointPolicies : []
- serviceEndpoints: contains(subnet, 'serviceEndpoints') ? subnet.serviceEndpoints : []
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}]
-
-// Local to Remote peering
-module virtualNetwork_peering_local 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: {
- name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-local-${index}'
- params: {
- localVnetName: virtualNetwork.name
- remoteVirtualNetworkId: peering.remoteVirtualNetworkId
- name: contains(peering, 'name') ? peering.name : '${name}-${last(split(peering.remoteVirtualNetworkId, '/'))}'
- allowForwardedTraffic: contains(peering, 'allowForwardedTraffic') ? peering.allowForwardedTraffic : true
- allowGatewayTransit: contains(peering, 'allowGatewayTransit') ? peering.allowGatewayTransit : false
- allowVirtualNetworkAccess: contains(peering, 'allowVirtualNetworkAccess') ? peering.allowVirtualNetworkAccess : true
- doNotVerifyRemoteGateways: contains(peering, 'doNotVerifyRemoteGateways') ? peering.doNotVerifyRemoteGateways : true
- useRemoteGateways: contains(peering, 'useRemoteGateways') ? peering.useRemoteGateways : false
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}]
-
-// Remote to local peering (reverse)
-module virtualNetwork_peering_remote 'virtualNetworkPeerings/deploy.bicep' = [for (peering, index) in virtualNetworkPeerings: if (contains(peering, 'remotePeeringEnabled') ? peering.remotePeeringEnabled == true : false) {
- name: '${uniqueString(deployment().name, location)}-virtualNetworkPeering-remote-${index}'
- scope: resourceGroup(split(peering.remoteVirtualNetworkId, '/')[2], split(peering.remoteVirtualNetworkId, '/')[4])
- params: {
- localVnetName: last(split(peering.remoteVirtualNetworkId, '/'))
- remoteVirtualNetworkId: virtualNetwork.id
- name: contains(peering, 'remotePeeringName') ? peering.remotePeeringName : '${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'
- allowForwardedTraffic: contains(peering, 'remotePeeringAllowForwardedTraffic') ? peering.remotePeeringAllowForwardedTraffic : true
- allowGatewayTransit: contains(peering, 'remotePeeringAllowGatewayTransit') ? peering.remotePeeringAllowGatewayTransit : false
- allowVirtualNetworkAccess: contains(peering, 'remotePeeringAllowVirtualNetworkAccess') ? peering.remotePeeringAllowVirtualNetworkAccess : true
- doNotVerifyRemoteGateways: contains(peering, 'remotePeeringDoNotVerifyRemoteGateways') ? peering.remotePeeringDoNotVerifyRemoteGateways : true
- useRemoteGateways: contains(peering, 'remotePeeringUseRemoteGateways') ? peering.remotePeeringUseRemoteGateways : false
- enableDefaultTelemetry: enableReferencedModulesTelemetry
- }
-}]
-
-resource virtualNetwork_lock 'Microsoft.Authorization/locks@2017-04-01' = if (!empty(lock)) {
- name: '${virtualNetwork.name}-${lock}-lock'
- properties: {
- level: any(lock)
- notes: lock == 'CanNotDelete' ? 'Cannot delete resource or child resources.' : 'Cannot modify the resource or child resources.'
- }
- scope: virtualNetwork
-}
-
-resource virtualNetwork_diagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = if (!empty(diagnosticStorageAccountId) || !empty(diagnosticWorkspaceId) || !empty(diagnosticEventHubAuthorizationRuleId) || !empty(diagnosticEventHubName)) {
- name: diagnosticSettingsName
- properties: {
- storageAccountId: !empty(diagnosticStorageAccountId) ? diagnosticStorageAccountId : null
- workspaceId: !empty(diagnosticWorkspaceId) ? diagnosticWorkspaceId : null
- eventHubAuthorizationRuleId: !empty(diagnosticEventHubAuthorizationRuleId) ? diagnosticEventHubAuthorizationRuleId : null
- eventHubName: !empty(diagnosticEventHubName) ? diagnosticEventHubName : null
- metrics: diagnosticsMetrics
- logs: diagnosticsLogs
- }
- scope: virtualNetwork
-}
-
-module virtualNetwork_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
- name: '${uniqueString(deployment().name, location)}-VNet-Rbac-${index}'
- params: {
- description: contains(roleAssignment, 'description') ? roleAssignment.description : ''
- principalIds: roleAssignment.principalIds
- principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : ''
- roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName
- resourceId: virtualNetwork.id
- }
-}]
-
-@description('The resource group the virtual network was deployed into.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The resource ID of the virtual network.')
-output resourceId string = virtualNetwork.id
-
-@description('The name of the virtual network.')
-output name string = virtualNetwork.name
-
-@description('The names of the deployed subnets.')
-output subnetNames array = [for subnet in subnets: subnet.name]
-
-@description('The resource IDs of the deployed subnets.')
-output subnetResourceIds array = [for subnet in subnets: az.resourceId('Microsoft.Network/virtualNetworks/subnets', name, subnet.name)]
-
-@description('The location the resource was deployed into.')
-output location string = virtualNetwork.location
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/readme.md b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/readme.md
deleted file mode 100644
index 0cc0bb96..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/readme.md
+++ /dev/null
@@ -1,692 +0,0 @@ -# Virtual Networks `[Microsoft.Network/virtualNetworks]` - -This template deploys a virtual network (vNet). - -## Navigation - -- [Resource types](#resource-types) -- [Parameters](#parameters) -- [Considerations](#considerations) -- [Outputs](#outputs) -- [Deployment examples](#deployment-examples) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/locks` | [2017-04-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2017-04-01/locks) | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Insights/diagnosticSettings` | [2021-05-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Insights/2021-05-01-preview/diagnosticSettings) | -| `Microsoft.Network/virtualNetworks` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks) | -| `Microsoft.Network/virtualNetworks/subnets` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/subnets) | -| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/virtualNetworkPeerings) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefixes` | array | An Array of 1 or more IP Address Prefixes for the Virtual Network. | -| `name` | string | The Virtual Network (vNet) Name. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `ddosProtectionPlanId` | string | `''` | | Resource ID of the DDoS protection plan to assign the VNET to. If it's left blank, DDoS protection will not be configured. 
If it's provided, the VNET created by this template will be attached to the referenced DDoS protection plan. The DDoS protection plan can exist in the same or in a different subscription. | -| `diagnosticEventHubAuthorizationRuleId` | string | `''` | | Resource ID of the diagnostic event hub authorization rule for the Event Hubs namespace in which the event hub should be created or streamed to. | -| `diagnosticEventHubName` | string | `''` | | Name of the diagnostic event hub within the namespace to which logs are streamed. Without this, an event hub is created for each log category. | -| `diagnosticLogCategoriesToEnable` | array | `[VMProtectionAlerts]` | `[VMProtectionAlerts]` | The name of logs that will be streamed. | -| `diagnosticLogsRetentionInDays` | int | `365` | | Specifies the number of days that logs will be kept for; a value of 0 will retain data indefinitely. | -| `diagnosticMetricsToEnable` | array | `[AllMetrics]` | `[AllMetrics]` | The name of metrics that will be streamed. | -| `diagnosticSettingsName` | string | `[format('{0}-diagnosticSettings', parameters('name'))]` | | The name of the diagnostic setting, if deployed. | -| `diagnosticStorageAccountId` | string | `''` | | Resource ID of the diagnostic storage account. | -| `diagnosticWorkspaceId` | string | `''` | | Resource ID of the diagnostic log analytics workspace. | -| `dnsServers` | array | `[]` | | DNS Servers associated to the Virtual Network. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `location` | string | `[resourceGroup().location]` | | Location for all resources. | -| `lock` | string | `''` | `[, CanNotDelete, ReadOnly]` | Specify the type of lock. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. 
In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `subnets` | _[subnets](subnets/readme.md)_ array | `[]` | | An Array of subnets to deploy to the Virtual Network. | -| `tags` | object | `{object}` | | Tags of the resource. | -| `virtualNetworkPeerings` | _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_ array | `[]` | | Virtual Network Peerings configurations. | - - -### Parameter Usage: `subnets` - -Below you can find an example for the subnet property's usage. For all remaining properties, please refer to the _[subnets](subnets/readme.md)_ readme. - -
- -Template JSON format - -```json -"subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24" - }, - { - "name": "<>-az-subnet-x-001", - "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "serviceEndpoints": [ - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.Sql" - } - ], - "routeTableId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001", - "delegations": [ - { - "name": "netappDel", - "properties": { - "serviceName": "Microsoft.Netapp/volumes" - } - } - ], - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -subnets: [ - { - name: 'GatewaySubnet' - addressPrefix: '10.0.255.0/24' - } - { - name: '<>-az-subnet-x-001' - addressPrefix: '10.0.0.0/24' - networkSecurityGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001' - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - { - service: 'Microsoft.Sql' - } - ] - routeTableId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001' - delegations: [ - { - name: 'netappDel' - properties: { - serviceName: 'Microsoft.Netapp/volumes' - } - } - ] - privateEndpointNetworkPolicies: 'Disabled' - privateLinkServiceNetworkPolicies: 'Enabled' - } -] -``` - -
-

- -### Parameter Usage: `virtualNetworkPeerings` - -As the virtual network peering array allows you to deploy not only a one-way but also two-way peering (i.e reverse), you can use the following **additional** properties on top of what is documented in _[virtualNetworkPeerings](virtualNetworkPeerings/readme.md)_. - -| Parameter Name | Type | Default Value | Possible Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `remotePeeringEnabled` | bool | `false` | | Optional. Set to true to also deploy the reverse peering for the configured remote virtual networks to the local network | -| `remotePeeringName` | string | `'${last(split(peering.remoteVirtualNetworkId, '/'))}-${name}'` | | Optional. The Name of Vnet Peering resource. If not provided, default value will be - | -| `remotePeeringAllowForwardedTraffic` | bool | `true` | | Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. | -| `remotePeeringAllowGatewayTransit` | bool | `false` | | Optional. If gateway links can be used in remote virtual networking to link to this virtual network. | -| `remotePeeringAllowVirtualNetworkAccess` | bool | `true` | | Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. | -| `remotePeeringDoNotVerifyRemoteGateways` | bool | `true` | | Optional. If we need to verify the provisioning state of the remote gateway. | -| `remotePeeringUseRemoteGateways` | bool | `false` | | Optional. If remote gateways can be used on this virtual network. If the flag is set to `true`, and allowGatewayTransit on local peering is also `true`, virtual network will use gateways of local virtual network for transit. Only one peering can have this flag set to `true`. This flag cannot be set if virtual network already has a gateway. | - -

- -Parameter JSON format - -```json -"virtualNetworkPeerings": { - "value": [ - { - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01", - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "allowVirtualNetworkAccess": true, - "useRemoteGateways": false, - "remotePeeringEnabled": true, - "remotePeeringName": "customName", - "remotePeeringAllowVirtualNetworkAccess": true, - "remotePeeringAllowForwardedTraffic": true - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -virtualNetworkPeerings: [ - { - remoteVirtualNetworkId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01' - allowForwardedTraffic: true - allowGatewayTransit: false - allowVirtualNetworkAccess: true - useRemoteGateways: false - remotePeeringEnabled: true - remotePeeringName: 'customName' - remotePeeringAllowVirtualNetworkAccess: true - remotePeeringAllowForwardedTraffic: true - } -] -``` - -
-

- -### Parameter Usage: `addressPrefixes` - -The `addressPrefixes` parameter accepts a JSON Array of string values containing the IP Address Prefixes for the Virtual Network (vNet). - -Here's an example of specifying a single Address Prefix: - - -

- -Parameter JSON format - -```json -"addressPrefixes": { - "value": [ - "10.1.0.0/16" - ] -} -``` - -
- -
- -Bicep format - -```bicep -addressPrefixes: [ - '10.1.0.0/16' -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -### Parameter Usage: `tags` - -Tag names and tag values can be provided as needed. A tag can be left without a value. - -

- -Parameter JSON format - -```json -"tags": { - "value": { - "Environment": "Non-Prod", - "Contact": "test.user@testcompany.com", - "PurchaseOrder": "1234", - "CostCenter": "7890", - "ServiceName": "DeploymentValidation", - "Role": "DeploymentValidation" - } -} -``` - -
- -
- -Bicep format - -```bicep -tags: { - Environment: 'Non-Prod' - Contact: 'test.user@testcompany.com' - PurchaseOrder: '1234' - CostCenter: '7890' - ServiceName: 'DeploymentValidation' - Role: 'DeploymentValidation' -} -``` - -
-

- -## Considerations - -The network security group and route table resources must reside in the same resource group as the virtual network. - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `location` | string | The location the resource was deployed into. | -| `name` | string | The name of the virtual network. | -| `resourceGroupName` | string | The resource group the virtual network was deployed into. | -| `resourceId` | string | The resource ID of the virtual network. | -| `subnetNames` | array | The names of the deployed subnets. | -| `subnetResourceIds` | array | The resource IDs of the deployed subnets. | - -## Deployment examples - -

Example 1

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-min-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - } - } -} - -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworks './Microsoft.Network/virtualNetworks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworks' - params: { - name: '<>-az-vnet-min-001' - addressPrefixes: [ - '10.0.0.0/16' - ] - } -} -``` - -
-

- -

Example 2

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-x-001" - }, - "lock": { - "value": "CanNotDelete" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/16" - ] - }, - "subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.255.0/24" - }, - { - "name": "<>-az-subnet-x-001", - "addressPrefix": "10.0.0.0/24", - "networkSecurityGroupId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001", - "serviceEndpoints": [ - { - "service": "Microsoft.Storage" - }, - { - "service": "Microsoft.Sql" - } - ], - "roleAssignments": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ], - "routeTableId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001" - }, - { - "name": "<>-az-subnet-x-002", - "addressPrefix": "10.0.3.0/24", - "delegations": [ - { - "name": "netappDel", - "properties": { - "serviceName": "Microsoft.Netapp/volumes" - } - } - ] - }, - { - "name": "<>-az-subnet-x-003", - "addressPrefix": "10.0.6.0/24", - "privateEndpointNetworkPolicies": "Disabled", - "privateLinkServiceNetworkPolicies": "Enabled" - } - ] - }, - "dnsServers": { - "value": [ - "10.0.1.4", - "10.0.1.5" - ] - }, - "roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "principalIds": [ - "<>" - ] - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": 
"/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} - -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworks './Microsoft.Network/virtualNetworks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworks' - params: { - name: '<>-az-vnet-x-001' - lock: 'CanNotDelete' - addressPrefixes: [ - '10.0.0.0/16' - ] - subnets: [ - { - name: 'GatewaySubnet' - addressPrefix: '10.0.255.0/24' - } - { - name: '<>-az-subnet-x-001' - addressPrefix: '10.0.0.0/24' - networkSecurityGroupId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/networkSecurityGroups/adp-<>-az-nsg-x-001' - serviceEndpoints: [ - { - service: 'Microsoft.Storage' - } - { - service: 'Microsoft.Sql' - } - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - routeTableId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/routeTables/adp-<>-az-udr-x-001' - } - { - name: '<>-az-subnet-x-002' - addressPrefix: '10.0.3.0/24' - delegations: [ - { - name: 'netappDel' - properties: { - serviceName: 'Microsoft.Netapp/volumes' - } - } - ] - } - { - name: '<>-az-subnet-x-003' - addressPrefix: '10.0.6.0/24' - privateEndpointNetworkPolicies: 'Disabled' - privateLinkServiceNetworkPolicies: 'Enabled' - } - ] - dnsServers: [ - '10.0.1.4' - '10.0.1.5' - ] - roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - principalIds: [ - '<>' - ] - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

- -

Example 3

- -
- -via JSON Parameter file - -```json -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#", - "contentVersion": "1.0.0.0", - "parameters": { - "name": { - "value": "<>-az-vnet-peer-001" - }, - "addressPrefixes": { - "value": [ - "10.0.0.0/24" - ] - }, - "subnets": { - "value": [ - { - "name": "GatewaySubnet", - "addressPrefix": "10.0.0.0/26" - } - ] - }, - "virtualNetworkPeerings": { - "value": [ - { - "remoteVirtualNetworkId": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01", - "allowForwardedTraffic": true, - "allowGatewayTransit": false, - "allowVirtualNetworkAccess": true, - "useRemoteGateways": false, - "remotePeeringEnabled": true, - "remotePeeringName": "customName", - "remotePeeringAllowVirtualNetworkAccess": true, - "remotePeeringAllowForwardedTraffic": true - } - ] - }, - "diagnosticLogsRetentionInDays": { - "value": 7 - }, - "diagnosticStorageAccountId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001" - }, - "diagnosticWorkspaceId": { - "value": "/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001" - }, - "diagnosticEventHubAuthorizationRuleId": { - "value": "/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey" - }, - "diagnosticEventHubName": { - "value": "adp-<>-az-evh-x-001" - } - } -} - -``` - -
- -
- -via Bicep module - -```bicep -module virtualNetworks './Microsoft.Network/virtualNetworks/deploy.bicep' = { - name: '${uniqueString(deployment().name)}-virtualNetworks' - params: { - name: '<>-az-vnet-peer-001' - addressPrefixes: [ - '10.0.0.0/24' - ] - subnets: [ - { - name: 'GatewaySubnet' - addressPrefix: '10.0.0.0/26' - } - ] - virtualNetworkPeerings: [ - { - remoteVirtualNetworkId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Network/virtualNetworks/adp-<>-az-vnet-x-peer01' - allowForwardedTraffic: true - allowGatewayTransit: false - allowVirtualNetworkAccess: true - useRemoteGateways: false - remotePeeringEnabled: true - remotePeeringName: 'customName' - remotePeeringAllowVirtualNetworkAccess: true - remotePeeringAllowForwardedTraffic: true - } - ] - diagnosticLogsRetentionInDays: 7 - diagnosticStorageAccountId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.Storage/storageAccounts/adp<>azsax001' - diagnosticWorkspaceId: '/subscriptions/<>/resourcegroups/validation-rg/providers/microsoft.operationalinsights/workspaces/adp-<>-az-law-x-001' - diagnosticEventHubAuthorizationRuleId: '/subscriptions/<>/resourceGroups/validation-rg/providers/Microsoft.EventHub/namespaces/adp-<>-az-evhns-x-001/AuthorizationRules/RootManageSharedAccessKey' - diagnosticEventHubName: 'adp-<>-az-evh-x-001' - } -} -``` - -
-

diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
deleted file mode 100644
index 36751d8e..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/.bicep/nested_roleAssignments.bicep
+++ /dev/null
@@ -1,70 +0,0 @@
-@sys.description('Required. The IDs of the principals to assign the role to.')
-param principalIds array
-
-@sys.description('Required. The name of the role to assign. If it cannot be found you can specify the role definition ID instead.')
-param roleDefinitionIdOrName string
-
-@sys.description('Required. The resource ID of the resource to apply the role assignment to.')
-param resourceId string
-
-@sys.description('Optional. The principal type of the assigned principal ID.')
-@allowed([
- 'ServicePrincipal'
- 'Group'
- 'User'
- 'ForeignGroup'
- 'Device'
- ''
-])
-param principalType string = ''
-
-@sys.description('Optional. The description of the role assignment.')
-param description string = ''
-
-var builtInRoleNames = {
- 'Owner': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '8e3af657-a8ff-443c-a75c-2fe8c4bcb635')
- 'Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b24988ac-6180-42a0-ab88-20f7382dd24c')
- 'Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'acdd72a7-3385-48ef-bd42-f606fba81ae7')
- 'Avere Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4f8fab4f-1852-4a58-a46a-8eaf358af14a')
- 'Avere Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c025889f-8102-4ebf-b32c-fc0c6f0c6bd9')
- 'Backup Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5e467623-bb1f-42f4-a55d-6e525e11384b')
- 'Backup Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '00c29273-979b-4161-815c-10b084fb9324')
- 'Cosmos DB Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '230815da-be43-4aae-9cb4-875f7bd000aa')
- 'DevTest Labs User': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '76283e04-6283-4c54-8f91-bcf1374a3c64')
- 'DocumentDB Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '5bd9cd88-fe45-4216-938b-f97437e15450')
- 'Log Analytics Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '92aaf0da-9dab-42b6-94a3-d43ce8d16293')
- 'Log Analytics Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '73c42c96-874c-492b-b04d-ab87d138a893')
- 'Managed Application Contributor Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '641177b8-a67a-45b9-a033-47bc880bb21e')
- 'Managed Application Operator Role': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'c7393b34-138c-406f-901b-d8cf2b17e6ae')
- 'Managed Applications Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b9331d33-8a36-4f8c-b097-4f54124fdb44')
- 'Monitoring Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '749f88d5-cbae-40b8-bcfc-e573ddc772fa')
- 'Monitoring Metrics Publisher': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '3913510d-42f4-4e42-8a64-420c390055eb')
- 'Monitoring Reader': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '43d0d8ad-25c7-4714-9337-8ba259a9fe05')
- 'Network Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4d97b98b-1d4f-4787-a291-c67834d212e7')
- 'Private DNS Zone Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'b12aa53e-6015-4669-85d0-8515ebb3ae7f')
- 'Resource Policy Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '36243c78-bf99-498c-9df9-86d9f8d28608')
- 'Site Recovery Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '6670b86e-a3f7-4917-ac9b-5d6ab1be4567')
- 'Site Recovery Operator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '494ae006-db33-4328-bf46-533a6560a3ca')
- 'SQL Managed Instance Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '4939a1f6-9ae0-4e48-a1e0-f2cbe897382d')
- 'SQL Security Manager': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '056cd41c-7e88-42e1-933e-88ba6a50c9c3')
- 'Storage Account Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '17d1049b-9a84-46fb-8f53-869881c3d3ab')
- 'User Access Administrator': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '18d7d88d-d35e-4fb5-a5c3-7773c20a72d9')
- 'Virtual Machine Administrator Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '1c0163c0-47e6-4577-8991-ea5c82e286e4')
- 'Virtual Machine Contributor': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', '9980e02c-c2be-4d73-94e8-173b1dc7cf3c')
- 'Virtual Machine User Login': subscriptionResourceId('Microsoft.Authorization/roleDefinitions', 'fb879df8-f326-4884-b1cf-06f3ad86be52')
-}
-
-resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' existing = {
- name: '${split(resourceId, '/')[8]}/${split(resourceId, '/')[10]}'
-}
-
-resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-10-01-preview' = [for principalId in principalIds: {
- name: guid(subnet.id, principalId, roleDefinitionIdOrName)
- properties: {
- description: description
- roleDefinitionId: contains(builtInRoleNames, roleDefinitionIdOrName) ? builtInRoleNames[roleDefinitionIdOrName] : roleDefinitionIdOrName
- principalId: principalId
- principalType: !empty(principalType) ? any(principalType) : null
- }
- scope: subnet
-}]
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep
deleted file mode 100644
index c894752a..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/deploy.bicep
+++ /dev/null
@@ -1,124 +0,0 @@
-@description('Optional. The Name of the subnet resource.')
-param name string
-
-@description('Conditional. The name of the parent virtual network. Required if the template is used in a standalone deployment.')
-param virtualNetworkName string
-
-@description('Required. The address prefix for the subnet.')
-param addressPrefix string
-
-@description('Optional. The resource ID of the network security group to assign to the subnet.')
-param networkSecurityGroupId string = ''
-
-@description('Optional. The resource ID of the route table to assign to the subnet.')
-param routeTableId string = ''
-
-@description('Optional. The service endpoints to enable on the subnet.')
-param serviceEndpoints array = []
-
-@description('Optional. The delegations to enable on the subnet.')
-param delegations array = []
-
-@description('Optional. The resource ID of the NAT Gateway to use for the subnet.')
-param natGatewayId string = ''
-
-@description('Optional. enable or disable apply network policies on private endpoint in the subnet.')
-@allowed([
- 'Disabled'
- 'Enabled'
- ''
-])
-param privateEndpointNetworkPolicies string = ''
-
-@description('Optional. enable or disable apply network policies on private link service in the subnet.')
-@allowed([
- 'Disabled'
- 'Enabled'
- ''
-])
-param privateLinkServiceNetworkPolicies string = ''
-
-@description('Optional. List of address prefixes for the subnet.')
-param addressPrefixes array = []
-
-@description('Optional. Application gateway IP configurations of virtual network resource.')
-param applicationGatewayIpConfigurations array = []
-
-@description('Optional. Array of IpAllocation which reference this subnet.')
-param ipAllocations array = []
-
-@description('Optional. An array of service endpoint policies.')
-param serviceEndpointPolicies array = []
-
-@description('Optional. Array of role assignment objects that contain the \'roleDefinitionIdOrName\' and \'principalId\' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: \'/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11\'.')
-param roleAssignments array = []
-
-@description('Optional. Enable telemetry via the Customer Usage Attribution ID (GUID).')
-param enableDefaultTelemetry bool = true
-
-resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) {
- name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}'
- properties: {
- mode: 'Incremental'
- template: {
- '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#'
- contentVersion: '1.0.0.0'
- resources: []
- }
- }
-}
-
-resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' existing = {
- name: virtualNetworkName
-}
-
-resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = {
- name: name
- parent: virtualNetwork
- properties: {
- addressPrefix: addressPrefix
- networkSecurityGroup: !empty(networkSecurityGroupId) ? {
- id: networkSecurityGroupId
- } : null
- routeTable: !empty(routeTableId) ? {
- id: routeTableId
- } : null
- natGateway: !empty(natGatewayId) ? {
- id: natGatewayId
- } : null
- serviceEndpoints: serviceEndpoints
- delegations: delegations
- privateEndpointNetworkPolicies: !empty(privateEndpointNetworkPolicies) ? any(privateEndpointNetworkPolicies) : null
- privateLinkServiceNetworkPolicies: !empty(privateLinkServiceNetworkPolicies) ? any(privateLinkServiceNetworkPolicies) : null
- addressPrefixes: addressPrefixes
- applicationGatewayIpConfigurations: applicationGatewayIpConfigurations
- ipAllocations: ipAllocations
- serviceEndpointPolicies: serviceEndpointPolicies
- }
-}
-
-module subnet_rbac '.bicep/nested_roleAssignments.bicep' = [for (roleAssignment, index) in roleAssignments: {
- name: '${uniqueString(deployment().name, subnet.id)}-Subnet-Rbac-${index}'
- params: {
- description: contains(roleAssignment, 'description') ? roleAssignment.description : ''
- principalIds: roleAssignment.principalIds
- principalType: contains(roleAssignment, 'principalType') ? roleAssignment.principalType : ''
- roleDefinitionIdOrName: roleAssignment.roleDefinitionIdOrName
- resourceId: subnet.id
- }
-}]
-
-@description('The resource group the virtual network peering was deployed into.')
-output resourceGroupName string = resourceGroup().name
-
-@description('The name of the virtual network peering.')
-output name string = subnet.name
-
-@description('The resource ID of the virtual network peering.')
-output resourceId string = subnet.id
-
-@description('The address prefix for the subnet.')
-output subnetAddressPrefix string = subnet.properties.addressPrefix
-
-@description('List of address prefixes for the subnet.')
-output subnetAddressPrefixes array = !empty(addressPrefixes) ? subnet.properties.addressPrefixes : []
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/readme.md b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/readme.md
deleted file mode 100644
index d399554d..00000000
--- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/readme.md
+++ /dev/null
@@ -1,192 +0,0 @@ -# Virtual Network Subnets `[Microsoft.Network/virtualNetworks/subnets]` - -This module deploys a virtual network subnet. - -## Navigation - -- [Resource Types](#Resource-Types) -- [Parameters](#Parameters) -- [Considerations](#Considerations) -- [Outputs](#Outputs) - -## Resource Types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Authorization/roleAssignments` | [2020-10-01-preview](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Authorization/2020-10-01-preview/roleAssignments) | -| `Microsoft.Network/virtualNetworks/subnets` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/subnets) | - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `addressPrefix` | string | The address prefix for the subnet. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `virtualNetworkName` | string | The name of the parent virtual network. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Allowed Values | Description | -| :-- | :-- | :-- | :-- | :-- | -| `addressPrefixes` | array | `[]` | | List of address prefixes for the subnet. | -| `applicationGatewayIpConfigurations` | array | `[]` | | Application gateway IP configurations of virtual network resource. | -| `delegations` | array | `[]` | | The delegations to enable on the subnet. | -| `enableDefaultTelemetry` | bool | `True` | | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `ipAllocations` | array | `[]` | | Array of IpAllocation which reference this subnet. | -| `name` | string | | | The Name of the subnet resource. | -| `natGatewayId` | string | `''` | | The resource ID of the NAT Gateway to use for the subnet. 
| -| `networkSecurityGroupId` | string | `''` | | The resource ID of the network security group to assign to the subnet. | -| `privateEndpointNetworkPolicies` | string | `''` | `[Disabled, Enabled, ]` | enable or disable apply network policies on private endpoint in the subnet. | -| `privateLinkServiceNetworkPolicies` | string | `''` | `[Disabled, Enabled, ]` | enable or disable apply network policies on private link service in the subnet. | -| `roleAssignments` | array | `[]` | | Array of role assignment objects that contain the 'roleDefinitionIdOrName' and 'principalId' to define RBAC role assignments on this resource. In the roleDefinitionIdOrName attribute, you can provide either the display name of the role definition, or its fully qualified ID in the following format: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11'. | -| `routeTableId` | string | `''` | | The resource ID of the route table to assign to the subnet. | -| `serviceEndpointPolicies` | array | `[]` | | An array of service endpoint policies. | -| `serviceEndpoints` | array | `[]` | | The service endpoints to enable on the subnet. | - - -### Parameter Usage: `delegations` - -

- -Parameter JSON format - -```json -"delegations": [ - { - "name": "sqlMiDel", - "properties": { - "serviceName": "Microsoft.Sql/managedInstances" - } - } -] -``` - -
- -
- -Bicep format - -```bicep -delegations: [ - { - name: 'sqlMiDel' - properties: { - serviceName: 'Microsoft.Sql/managedInstances' - } - } -] -``` - -
-

- -### Parameter Usage: `serviceEndpoints` - -

- -Parameter JSON format - -```json -"serviceEndpoints": [ - "Microsoft.EventHub", - "Microsoft.Sql", - "Microsoft.Storage", - "Microsoft.KeyVault" -] -``` - -
- - -
- -Bicep format - -```bicep -serviceEndpoints: [ - 'Microsoft.EventHub' - 'Microsoft.Sql' - 'Microsoft.Storage' - 'Microsoft.KeyVault' -] -``` - -
-

- -### Parameter Usage: `roleAssignments` - -Create a role assignment for the given resource. If you want to assign a service principal / managed identity that is created in the same deployment, make sure to also specify the `'principalType'` parameter and set it to `'ServicePrincipal'`. This will ensure the role assignment waits for the principal's propagation in Azure. - -

- -Parameter JSON format - -```json -"roleAssignments": { - "value": [ - { - "roleDefinitionIdOrName": "Reader", - "description": "Reader Role Assignment", - "principalIds": [ - "12345678-1234-1234-1234-123456789012", // object 1 - "78945612-1234-1234-1234-123456789012" // object 2 - ] - }, - { - "roleDefinitionIdOrName": "/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11", - "principalIds": [ - "12345678-1234-1234-1234-123456789012" // object 1 - ], - "principalType": "ServicePrincipal" - } - ] -} -``` - -
- -
- -Bicep format - -```bicep -roleAssignments: [ - { - roleDefinitionIdOrName: 'Reader' - description: 'Reader Role Assignment' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - '78945612-1234-1234-1234-123456789012' // object 2 - ] - } - { - roleDefinitionIdOrName: '/providers/Microsoft.Authorization/roleDefinitions/c2f4ef07-c644-48eb-af81-4b1b4947fb11' - principalIds: [ - '12345678-1234-1234-1234-123456789012' // object 1 - ] - principalType: 'ServicePrincipal' - } -] -``` - -
-

- -## Considerations - -The `privateEndpointNetworkPolicies` property must be set to disabled for subnets that contain private endpoints. It confirms that NSGs rules will not apply to private endpoints (currently not supported, [reference](https://docs.microsoft.com/en-us/azure/private-link/private-endpoint-overview#limitations)). Default Value when not specified is "Enabled". - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network peering. | -| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | -| `resourceId` | string | The resource ID of the virtual network peering. | -| `subnetAddressPrefix` | string | The address prefix for the subnet. | -| `subnetAddressPrefixes` | array | List of address prefixes for the subnet. | diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/version.json b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/version.json deleted file mode 100644 index 56f8d9ca..00000000 --- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/subnets/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/version.json b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/version.json deleted file mode 100644 index 56f8d9ca..00000000 --- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} 
diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep deleted file mode 100644 index 2b03c2c9..00000000 --- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/deploy.bicep +++ /dev/null 
@@ -1,66 +0,0 @@ -@description('Optional. The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName.') -param name string = '${localVnetName}-${last(split(remoteVirtualNetworkId, '/'))}' - -@description('Conditional. The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment.') -param localVnetName string - -@description('Required. The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID.') -param remoteVirtualNetworkId string - -@description('Optional. Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true.') -param allowForwardedTraffic bool = true - -@description('Optional. If gateway links can be used in remote virtual networking to link to this virtual network. Default is false.') -param allowGatewayTransit bool = false - -@description('Optional. Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true.') -param allowVirtualNetworkAccess bool = true - -@description('Optional. If we need to verify the provisioning state of the remote gateway. Default is true.') -param doNotVerifyRemoteGateways bool = true - -@description('Optional. If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false.') -param useRemoteGateways bool = false - -@description('Optional. 
Enable telemetry via the Customer Usage Attribution ID (GUID).') -param enableDefaultTelemetry bool = true - -resource defaultTelemetry 'Microsoft.Resources/deployments@2021-04-01' = if (enableDefaultTelemetry) { - name: 'pid-47ed15a6-730a-4827-bcb4-0fd963ffbd82-${uniqueString(deployment().name)}' - properties: { - mode: 'Incremental' - template: { - '$schema': 'https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#' - contentVersion: '1.0.0.0' - resources: [] - } - } -} - -resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-05-01' existing = { - name: localVnetName -} - -resource virtualNetworkPeering 'Microsoft.Network/virtualNetworks/virtualNetworkPeerings@2021-05-01' = { - name: name - parent: virtualNetwork - properties: { - allowForwardedTraffic: allowForwardedTraffic - allowGatewayTransit: allowGatewayTransit - allowVirtualNetworkAccess: allowVirtualNetworkAccess - doNotVerifyRemoteGateways: doNotVerifyRemoteGateways - useRemoteGateways: useRemoteGateways - remoteVirtualNetwork: { - id: remoteVirtualNetworkId - } - } -} - -@description('The resource group the virtual network peering was deployed into.') -output resourceGroupName string = resourceGroup().name - -@description('The name of the virtual network peering.') -output name string = virtualNetworkPeering.name - -@description('The resource ID of the virtual network peering.') -output resourceId string = virtualNetworkPeering.id diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md deleted file mode 100644 index cc666c6e..00000000 --- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/readme.md +++ /dev/null 
@@ -1,54 +0,0 @@ -# VirtualNetworkPeering `[Microsoft.Network/virtualNetworks/virtualNetworkPeerings]` - -This template deploys Virtual Network Peering. - -## Navigation - -- [Resource types](#Resource-types) -- [Parameters](#Parameters) -- [Outputs](#Outputs) - -## Resource types - -| Resource Type | API Version | -| :-- | :-- | -| `Microsoft.Network/virtualNetworks/virtualNetworkPeerings` | [2021-05-01](https://docs.microsoft.com/en-us/azure/templates/Microsoft.Network/2021-05-01/virtualNetworks/virtualNetworkPeerings) | - -### Resource dependency - -The following resources are required to be able to deploy this resource. - -- Local Virtual Network (Identified by the `localVnetName` parameter). -- Remote Virtual Network (Identified by the `remoteVirtualNetworkId` parameter) - -## Parameters - -**Required parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `remoteVirtualNetworkId` | string | The Resource ID of the VNet that is this Local VNet is being peered to. Should be in the format of a Resource ID. | - -**Conditional parameters** -| Parameter Name | Type | Description | -| :-- | :-- | :-- | -| `localVnetName` | string | The name of the parent Virtual Network to add the peering to. Required if the template is used in a standalone deployment. | - -**Optional parameters** -| Parameter Name | Type | Default Value | Description | -| :-- | :-- | :-- | :-- | -| `allowForwardedTraffic` | bool | `True` | Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network. Default is true. | -| `allowGatewayTransit` | bool | `False` | If gateway links can be used in remote virtual networking to link to this virtual network. Default is false. | -| `allowVirtualNetworkAccess` | bool | `True` | Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space. Default is true. 
| -| `doNotVerifyRemoteGateways` | bool | `True` | If we need to verify the provisioning state of the remote gateway. Default is true. | -| `enableDefaultTelemetry` | bool | `True` | Enable telemetry via the Customer Usage Attribution ID (GUID). | -| `name` | string | `[format('{0}-{1}', parameters('localVnetName'), last(split(parameters('remoteVirtualNetworkId'), '/')))]` | The Name of Vnet Peering resource. If not provided, default value will be localVnetName-remoteVnetName. | -| `useRemoteGateways` | bool | `False` | If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway. Default is false. | - - -## Outputs - -| Output Name | Type | Description | -| :-- | :-- | :-- | -| `name` | string | The name of the virtual network peering. | -| `resourceGroupName` | string | The resource group the virtual network peering was deployed into. | -| `resourceId` | string | The resource ID of the virtual network peering. | diff --git a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json b/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json deleted file mode 100644 index 56f8d9ca..00000000 --- a/src/carml/v0.6.0/Microsoft.Network/virtualNetworks/virtualNetworkPeerings/version.json +++ /dev/null @@ -1,4 +0,0 @@ -{ - "$schema": "https://raw.githubusercontent.com/dotnet/Nerdbank.GitVersioning/master/src/NerdBank.GitVersioning/version.schema.json", - "version": "0.4" -} diff --git a/src/self/subResourceWrapper/deploy.bicep b/src/self/subResourceWrapper/deploy.bicep index db0e5372..21b0702d 100644 --- a/src/self/subResourceWrapper/deploy.bicep +++ b/src/self/subResourceWrapper/deploy.bicep 
@@ -359,7 +359,7 @@ module tagResourceGroup '../../carml/v0.6.0/Microsoft.Resources/tags/deploy.bice } } -module createLzVnet '../../carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (virtualNetworkEnabled && !empty(virtualNetworkName) && !empty(virtualNetworkAddressSpace) && !empty(virtualNetworkLocation) && !empty(virtualNetworkResourceGroupName)) { +module createLzVnet 'br/public:avm/res/network/virtual-network:0.1.0' = if (virtualNetworkEnabled && !empty(virtualNetworkName) && !empty(virtualNetworkAddressSpace) && !empty(virtualNetworkLocation) && !empty(virtualNetworkResourceGroupName)) { dependsOn: [ createResourceGroupForLzNetworking ] @@ -371,8 +371,8 @@ module createLzVnet '../../carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy location: virtualNetworkLocation addressPrefixes: virtualNetworkAddressSpace dnsServers: virtualNetworkDnsServers - ddosProtectionPlanId: virtualNetworkDdosPlanId - virtualNetworkPeerings: (virtualNetworkEnabled && virtualNetworkPeeringEnabled && !empty(hubVirtualNetworkResourceIdChecked) && !empty(virtualNetworkName) && !empty(virtualNetworkAddressSpace) && !empty(virtualNetworkLocation) && !empty(virtualNetworkResourceGroupName)) ? [ + ddosProtectionPlanResourceId: virtualNetworkDdosPlanId + peerings: (virtualNetworkEnabled && virtualNetworkPeeringEnabled && !empty(hubVirtualNetworkResourceIdChecked) && !empty(virtualNetworkName) && !empty(virtualNetworkAddressSpace) && !empty(virtualNetworkLocation) && !empty(virtualNetworkResourceGroupName)) ? [ { allowForwardedTraffic: true allowVirtualNetworkAccess: true @@ -386,7 +386,7 @@ module createLzVnet '../../carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy remotePeeringUseRemoteGateways: false } ] : [] - enableDefaultTelemetry: enableTelemetryForCarml + enableTelemetry: disableTelemetry } } 
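Review bot: The new source `br/public:avm/res/network/virtual-network:0.1.0` on `createLzVnet` replaces a vendored in-repo module with a registry artifact fetched at restore time, so the template content that actually deploys is no longer reviewed as part of this repository. The version tag pins a release, but a tag is not a content hash, and whether the registry treats tags as immutable is not visible from this diff. If deployments must be reproducible and auditable, record the restored module's digest in the pipeline or restore from a registry mirror the team controls. A comment above the module such as `// AVM virtual-network pinned to 0.1.0; bump only after reviewing the upstream release notes` would make the pinning policy explicit. The same reference is introduced for `createDsVnet` in the `@@ -535` hunk.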
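Review bot: `enableTelemetry: disableTelemetry` at the end of the `createLzVnet` params looks inverted, because it passes a flag named "disable" straight into a parameter named "enable", where the removed line passed `enableTelemetryForCarml`. The declaration of `disableTelemetry` is outside this diff, so this is inferred from the names. If it is true when an operator opts out, telemetry would be switched on for exactly those deployments and off for everyone else. Suggested change: `enableTelemetry: !disableTelemetry`, or keep passing `enableTelemetryForCarml` if that variable already holds the negation. The same line is added for `createDsVnet` in the `@@ -564` hunk.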
@@ -535,7 +535,7 @@ module createDsStorageAccount '../../carml/v0.6.0/Storage/storage-account/deploy } } -module createDsVnet '../../carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy.bicep' = if (!empty(resourceProviders)) { +module createDsVnet 'br/public:avm/res/network/virtual-network:0.1.0' = if (!empty(resourceProviders)) { scope: resourceGroup(subscriptionId, deploymentScriptResourceGroupName) name: deploymentNames.createdsVnet params: { @@ -564,9 +564,11 @@ module createDsVnet '../../carml/v0.6.0/Microsoft.Network/virtualNetworks/deploy ] } ] - enableDefaultTelemetry: enableTelemetryForCarml + enableTelemetry: disableTelemetry } } + + module registerResourceProviders 'br/public:avm/res/resources/deployment-script:0.1.0' = if (!empty(resourceProviders)) { scope: resourceGroup(subscriptionId, deploymentScriptResourceGroupName) name: deploymentNames.registerResourceProviders